CSIRT Incident Response Analyst (Austin, TX)

Company: IBM Careers


Details of the offer

IBM is seeking a Cyber Security Incident Response Analyst to work on the Cyber Security Incident Response Team (CSIRT). This position requires a strong technical security professional who will be responsible for conducting highly technical and confidential investigations (e.g. data loss, advanced persistent threats, malware analysis, etc.).

The role will be responsible for conducting forensic investigations and analysis in support of cyber incidents that are reported to the CSIRT. This role will require the ability to triage and conduct thorough examinations of all types of digital media within a heterogeneous environment, the ability to determine containment and/or remediation activities that may be required, as well as to identify potential threats. Reporting to and collaborating with the different areas of the business will be required, as well as providing relevant lessons-learned output that can be fed into the IBM threat landscape.

Job Duties:

- Scoping internal incident response (IR) engagements
- Implement effective containment based on assessment of risk and scope
- Developing an analysis plan that reasonably meets the objectives of the IR engagement
- Collect and analyze data via:
  - Endpoint Detection & Response (EDR) platforms
  - Forensic analysis of targeted artifact collections, full disk images, or memory dumps
  - Log-based data, both in raw form and utilizing SIEM or aggregation tools
- Establish timelines and patterns of activity based on multiple data sources
- Employ best practices and forensically sound principles for evidence collection and handling
- Prepare written documentation on relevant findings and analysis methodology
- Utilize varied forensic software such as X-Ways, Axiom, SIFT, Plaso, etc.
- Effectively communicate with internal stakeholders to get necessary cooperation on cases, provide regular updates on analysis findings, establish timelines, and manage expectations


Source: Brassring
