Tier 2 MSIEM Analyst

  • Internship
  • Heredia, COSTA RICA

Job description

Under the Managed Security Services portfolio, the IBM Tier 2 Analyst is directly responsible for conducting secondary triage and analysis on escalated events and initial remediation for escalated incidents.
Analysts will use SIEM technology and additional toolsets specific to the client environment to aid the identification and triage of malicious incidents while investigating alerts that are escalated from Tier 1, the client, or intelligence sources. Analysts will work with engineering teams to assist in the creation and modification of alerting rules in the SIEM. The Analyst will communicate with the client on a regular basis through various methods to ensure operational awareness.
Additional Tier 2 analyst tasks are:
- Assess the impact to systems (critical, sensitive data) and provide direction to Tier 1 and Technology Management teams and recommendations to the Client team.
- Perform an advanced analysis of log files, threat vector indicators, vulnerability analysis, external reports, and internal guidance to identify false positive and true positive events.
- Collect contextual information, pursue technical root cause analysis, and attack method analysis. Provide Technical Root Cause Analysis on escalated security incidents.
- Develop baselines, impact analysis, and data source criticality based on asset classification to determine priority. Upgrade or downgrade Tier 1 assigned potential event priority.
- Notify Tier 1 of false positives so appropriate action is taken by them. Provide feedback to the Tier 1 monitoring team as part of the continuous improvement plan.
- Determine whether to treat the alert as a security incident and assign a severity level. Respond based on priority and business impact. Respond to events according to documented procedures and industry best practices.
- Escalate alerts to Tier 3 or the equivalent client team as documented in the communication plan. Escalate as appropriate to the Client team or Services technology management team based on the SIEM offense priority and agreed-upon workflow.
- Implement custom processes in the client's Incident Response Plan (IRP) for notification and alerting.
- Methodically work through analysing the false positive.
- Seek customer approval to whitelist or configure additional rules to address false positives.
- Participate in mailing lists, forums, and SocNet feeds, and read advisories to identify Indicators of Compromise (IOC) for the specific client industry segment or client profile.
- Update the watchlist and upload it to the SIEM for the tool to leverage as part of event analysis.
- Look into history depending on severity to determine if it had a past connection.
- Advise Administrators, Correlation Engineers, Architects, and Account managers through appropriate established communication methods as per the communication plan (e.g., tickets or review meetings) on changes needed to the security stack to prevent future occurrences.
- Make tuning recommendations for the SIEM rules to adjust the specifications of alerts and incidents.
- Make incident classification and prioritization recommendations.
- Recommend use case tuning for enhanced detection based on audits and reviews of potential blacklist and whitelist events.
- Provide feedback to Threat Monitoring and support forensic analysis as required, indicating Business Impact.
- Provide feedback on quality of assessment to the Tier 1 Monitoring team.

Auto req ID

297921BR
Required Education

High School Diploma/GED
Role ( Job Role )

Security Specialist
State / Province

HEREDIA
Primary job category

Technical Specialist
Company

(0804) IBM Business Transformation Center, S.r.l.
Contract type

Regular
Employment Type

Full-Time
Is this role a commissionable/sales incentive based position?

No
Travel Required

No Travel
IBM Business Group

Security
Preferred Education

Bachelor's Degree
City / Township / Village

HEREDIA
Being You @ IBM

IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
Required Technical and Professional Expertise

- 2+ years of experience operating in a Security Operations Center Analyst or similar role
- Sound knowledge of SIEM technology
- Apply various techniques to identify and track cyber threats
- Fully analyze various data sources related to security events
- Proficient verbal and writing skills
- Experience with analyzing cyber intelligence
- Security + or equivalent certification
Country/Region

Costa Rica
Preferred Technical and Professional Experience

- 2+ years of experience operating in a Security Operations Center Analyst or similar role
- Sound knowledge of SIEM technology
- Apply various techniques to identify and track cyber threats
- Fully analyze various data sources related to security events
- Proficient verbal and writing skills
- Experience with analyzing cyber intelligence

Secondary Job Category

Technical Solutions Support Specialist
Eligibility Requirements

- At least 2 Cyber Security certifications or equivalent.

Position Type

Professional
Early Professional Track

Not Applicable - Professional Hire
Location Statement

For additional information about location requirements, please discuss with the recruiter following submission of your application.
Introduction

At IBM, work is more than a job - it's a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you've never thought possible. Are you ready to lead in this new era of technology and solve some of the world's most challenging problems? If so, let's talk.
Your Life @ IBM

What matters to you when you're looking for your next career challenge?

Maybe you want to get involved in work that really changes the world? What about somewhere with incredible and diverse career and development opportunities – where you can truly discover your passion? Are you looking for a culture of openness, collaboration and trust – where everyone has a voice? What about all of these? If so, then IBM could be your next career challenge. Join us, not to do something better, but to attempt things you never thought possible.

Impact. Inclusion. Infinite Experiences. Do your best work ever.
About Business Unit

IBM is a leading provider of enterprise security solutions. Named by industry analysts as a leader in 12 security market segment categories, IBM Security is a multi-billion dollar business that is rapidly growing. In an industry focused on building walls, IBM Security is focused on creating an open, connected security ecosystem that leverages AI and cloud to help clients improve compliance, stop threats, and grow their business securely.
About IBM

IBM's greatest invention is the IBMer. We believe that progress is made through progressive thinking, progressive leadership, progressive policy and progressive action. IBMers believe that the application of intelligence, reason and science can improve business, society and the human condition. Restlessly reinventing since 1911, we are the largest technology and consulting employer in the world, with more than 380,000 IBMers serving clients in 170 countries.
