IBM Security Consultant-SOC Lead 

India, Maharashtra, Mumbai 

911019643

The consultants should have depth of knowledge and experience in core security domains SOC Assessments, Use Cases, SOC Runbooks, SOC Processes, SOC Operations, SIEM, Threat Hunting, Threat Intelligence, IOC’s. The consultants will provide subject matter expertise in the form of briefings, workshops, technical assessments, and/or consulting engagements within their domain that assess a client’s security capabilities as well as recommending solutions to enhance a client’s overall security capabilities. Such client security capabilities will involve use case design and implementation, runbook design and implementation, policy, process, technology assessment and build, governance, or organizational areas. The SOC consultant will also act as transition architect to connect client SOC Technology solution to IBM Security Operation Centers.
Core consulting

• Strong communication and presentation skills
• Strong writing skills
• Comfortable working in a project based / client serving model.
• Ability to shape client expectations.
• Drive client pursuits and engage in complex deals.
• Ability to work with global and diverse teams in a dynamic environment.
• Ability to work in a matrix management model.
• The consultant will assist in pre-sales, sales, deal closure, and the delivery of security consulting services.

Security Technical Skills

You understand and how to build use-cases because you know what you’re looking for. For example, you understand how ransomware and other malware, or threats technically works, which logs they write to, their IOCs, network flows, and behaviors; thus, you are adapt at building custom use-cases that hunt for early indicators. Additionally, you understand how to hunt for threats, the relationship it has with forensic investigations, and creating extracts that divulge targets and areas of interest. Also, you can design Threat Hunting programs which can be taught to other analysts, or even be automated using artificial intelligence. False positives are your sworn enemies.

Required Technical and Professional Expertise

• Should be able to design and implement end to end use-cases, runbooks (A Must)
• Hands on SIEM: QRadar, Sentinel, Splunk, others
• Hand on SOAR: Resilient and others (SOAR workflow and playbook skill set)
• Knowledge of Palo Alto Cortex solution and XSIAM
• Knowledge and working experience with EDR, Attack Surface Management, Threat Intelligence tools
• Expert knowledge of Mitre Framework, NIST framework and Cyber Kill Chain Process.
• Scripting and custom parser knowledge required for integrations.
• An understanding of Threat Intelligence and Threat Hunting
• proficient in incident response processes – detection, triage, incident analysis, remediation, and reporting.
• Understanding of compliance issues (ISO 27001, PCI, COBIT, GDPR, POPII, etc..) and market regulations
• knowledge of networking fundamentals (TCP/IP, network layers, Ethernet, ARP, etc)
• Knowledge of malware operation and indicators
• Knowledge of threat landscape (threat actors, APT, cyber-crime, etc
• knowledge of Windows and Linux
• Knowledge in penetration techniques

Preferred Technical and Professional Expertise

• You love collaborative environments that use agile methodologies to encourage creative design thinking and find innovative ways to develop with cutting edge technologies
• Ambitious individual who can work under their own direction towards agreed targets/goals and with creative approach to work
• Intuitive individual with an ability to manage change and proven time management
• Proven interpersonal skills while contributing to team effort by accomplishing related results as needed
• Up-to-date technical knowledge by attending educational workshops, reviewing publications