SOC Analyst
IBM
**Introduction**
SIEM & Incident Management (Splunk)
* Independently analyse SIEM alerts in Splunk, correlate across multiple data sources, and enrich with threat intelligence feeds.
* Conduct root-cause analysis and propose improvements to detection logic.
* Collaborate with engineering teams to enhance Splunk detection rules and SOPs.
* Validate escalations and ensure incident creation in the ticketing platform (e.g. ServiceNow) is accurate.
* Analyse complex e-mail or hotline cases that fall outside SOPs.
* Escalate major incidents to CDC.
-------------------------
NextGen Endpoint Protection (CrowdStrike) incidents
* Perform in-depth triage and investigation of CrowdStrike Falcon incidents.
* Correlate alerts with endpoint telemetry, Splunk logs, and threat intelligence.
* Take pre-approved remediation actions via automated workflows.
* Conduct root-cause analysis on recurring incidents.
* Recommend whitelist/blacklist updates to reduce false positives.
-------------------------
Email Malware Prevention
* Analyse suspicious emails, including attachment and URL behavioural analysis.
* Initiate mitigation measures (IoC blocking, proxy actions, sandbox validation).
* Classify severity and escalate critical events to CDC.
* Produce intelligence reports on emerging email-borne threats.
-------------------------
Mentorship & Coordination
* Support continuous improvement of workflows and operational procedures.
**Your role and responsibilities**
The SOC Analyst is responsible for deep-dive investigation, advanced analysis, and resolution of security incidents escalated from automated systems. L1 analysts provide contextual threat analysis, enrichment, and remediation while working closely with CDC and engineering teams. They ensure incidents are accurately classified, mitigated, and documented.
**Required technical and professional expertise**
* Solid understanding of cyber kill chain, MITRE ATT&CK, and incident response.
* Proficiency with SIEM (Splunk), EDR (CrowdStrike), and SOAR automation workflows.
* Hands-on experience with e-mail security, sandboxing, and phishing analysis.
* Knowledge of malware behavior, threat intelligence sources, and IOC enrichment.
* Strong analytical and investigative skills, with the ability to handle complex cases.
**Preferred technical and professional experience**
* Bachelor’s degree in Computer Engineering, IT, Cybersecurity, or related field.
* Security certifications (e.g., Splunk Certified Cybersecurity Defense Analyst, CySA+, GIAC, GCIH, or similar).
* 1-4 years of SOC analyst or incident response experience.
IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.