In this role, you’ll work in one of our IBM Consulting Client Innovation Centers (Delivery Centers), where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world. Our delivery centers offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology.• Understand the different types of phishing attacks (spear-phishing, credential phishing, whaling, smishing, vishing) and the techniques used by attackers to trick users.
• General knowledge of cybersecurity, including best practices for protecting emails, accounts, and sensitive data.
• Ability to identify patterns and signs of phishing campaigns by analyzing the emails, messages, URLs, and domains used.
• Ability to analyze suspicious emails (email headers, content, links, and attachments) for signs of phishing, such as malicious links, fake sender addresses, or spoofing techniques.
• Ability to detect “spoofing” attacks or spoofed domains that pretend to be legitimate entities.
• Ability to identify patterns of deception and manipulation in the content of emails or messages intended to convince users to hand over confidential information or download malware.
• Ability to coordinate immediate response to a phishing incident, ensuring affected users receive support, and a containment plan is in place to minimize impact.
• Ability to handle incidents where user accounts have been compromised, including resetting credentials, temporarily locking accounts, and safely regaining access
• Ability to contain the spread of phishing attacks through actions such as blocking malicious domains, removing phishing emails from inboxes, and implementing filtering rules on mail servers.
• Experience in managing the recovery of data or accounts affected by successful phishing attacks, ensuring they are safely restored without reinfection.
• Knowledge of implementing email authentication standards to prevent domain spoofing and mitigate phishing attacks.
• Ability to investigate malicious attachments distributed via phishing emails.
• Knowledge of how to collect and preserve electronic evidence in a phishing incident, ensuring data integrity for future investigations or legal proceedings.
• Ability to document each phishing incident, including its analysis, response, and lessons learned.
• Experience in proactively monitoring phishing threats in real-time, using security monitoring tools such as SIEMs (QRadar).
• Knowledge in automating responses to phishing incidents through the use of SOAR (Security Orchestration, Automation, and Response) solutions, reducing response time and the impact of the attack.
• Ability to work with threat intelligence data to identify patterns and new phishing campaigns that may target the organization.
• Ability to perform forensic analysis of emails and systems compromised in phishing incidents, including collecting email headers, analyzing network traffic, and extracting indicators of compromise.
• Ability to identify trends in phishing attacks and propose improvements in security policies and employee training.
• English language.