**Introduction** The Office of the Chief Information Security Officer (CISO) is entrusted with the critical mission of safeguarding IBM’s global infrastructure—as well as the systems and data of the clients we support worldwide. This responsibility spans the full spectrum of cybersecurity, with specialized teams dedicated to: * Vulnerability Management * Threat Detection & Intelligence * Security Operations * Product & Application Security * Mail Security * System Inventory & Asset Management * Endpoint Detection & Response (EDR) * Computer Security Incident Response (CSIRT) At the heart of this ecosystem, CSIRT plays a pivotal role in managing IBM’s internal global incident response process. This team leads the investigation and resolution of cybersecurity and data privacy incidents across IBM, ensuring swift containment, thorough analysis, and resilient recovery. CSIRT operates in close coordination with other security functions to protect IBM’s digital assets and uphold trust with our clients. **Your role and responsibilities** IBM’s Computer Security Incident Response Team (CSIRT) is seeking a seasoned Incident Responder with a strong background in cybersecurity operations and end to end incident management. This role is pivotal in leading the tactical response to cyber and data incidents, working in close partnership with analysts and other cybersecurity professionals to protect IBM and its clients. As an Incident Responder, you will be responsible for: * Initiating and leading incident response efforts, including triage, containment, mitigation, and resolution. * Coordinating across teams such as SOC, Threat Detection, and Forensics to ensure timely and effective incident handling. * Making rapid decisions under pressure to minimize impact and restore operations. * Documenting and communicating incident findings, actions taken, and recommendations for future prevention. * Understanding attacker tactics, techniques, and procedures (TTPs) to anticipate and counter threats effectively. The ideal candidate will bring: * Proven experience in incident response and containment strategies. * Familiarity with security technologies, hosting environments, and modern threat landscapes. * Strong technical, organizational, and communication skills to lead cross-functional efforts. * A proactive mindset and ability to operate in high-stakes environments. **Required technical and professional expertise** * Minimum of 3 years of experience in cybersecurity incident response within a global enterprise environment. * Working knowledge of major operating systems (Windows, macOS, Linux) to support incident investigation and containment activities. * Familiarity with cyber threat actor behaviors, including common tactics, techniques, and procedures (TTPs). * Experience using endpoint and network security tools (e.g., CrowdStrike, Microsoft Defender for Endpoint) to support incident detection and response. * Basic understanding of enterprise network infrastructure and security controls, such as firewalls, proxies, IDS/IPS, and endpoint protection platforms. * Ability to assess and correlate security events to identify potential threats and guide response actions. * Strong communication skills, with the ability to document incidents clearly and present findings to technical and business stakeholders. * Proven ability to work independently and collaboratively, especially under pressure during active incidents. * Organized and detail-oriented, with a focus on timely execution and follow-through during incident handling. **Preferred technical and professional experience** Demonstrated computer forensic investigations experience Demonstrated knowledge of commercial and open-source forensic tools, such as X-Ways, Axiom, Autopsy, ELK, SIFT, Plaso, etc Demonstrated knowledge of analysis with EDR tooling, such as Crowdstrike or Microsoft Defender for Endpoint (MDE) Knowledge of incident response and analysis in cloud environments, such as IBM Cloud, AWS, or Azure Ability to successfully lead and facilitate information gathering meetings Experience managing small and large scale cyber security incidents IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.