**Introduction** A career in IBM Consulting is rooted by long-term relationships and close collaboration with clients across the globe. You'll work with visionaries across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. Your ability to accelerate impact and make meaningful change for your clients is enabled by our strategic partner ecosystem and our robust technology platforms across the IBM portfolio; including Software and Red Hat. Curiosity and a constant quest for knowledge serve as the foundation to success in IBM Consulting. In your role, you'll be encouraged to challenge the norm, investigate ideas outside of your role, and come up with creative solutions resulting in ground breaking impact for a wide network of clients. Our culture of evolution and empathy centers on long-term career growth and development opportunities in an environment that embraces your unique skills and experience. **Your role and responsibilities** The Security Operations Center Analyst III position will be a member of a dedicated security team within IBM Consulting Federal. In this role, the SOC analyst will support a dedicated 24x7x365 operation for a Federal program. The SOC Analyst will provide in-depth analysis of potential security events / anomalies based on alerts, events, and tips that have been initially triaged by tier 1 analyst. The SOC Analyst will leverage all available enterprise security tools, knowledge sources, and data artifacts to determine the who, what, when, where and why of a potential security event. When required, the SOC Analyst will assist to coordinate the execution and implementation of all actions required for the containment, eradication, and recovery from cybersecurity events and incidents.The SOC Analyst will support regular reviews and updates of security documentation. The SOC Analyst will conduct proactive threat hunting to identify and mitigate potential risks• Perform alternating shift work on a 24x7x365 Security Monitoring, Analysis and Response • Support incident investigations, response, and reporting • Security Reporting • Vulnerability Analysis • SOC ticket queue management • Document actions taken and analysis in the authorized ticketing system • Security documentation review and updates • Proactive threat hunting **Required technical and professional expertise** * 5+ years of experience working in a 24x7x365 SOC environment * Background in incident response, system/network operations and threat intelligence. * Experience utilizing enterprise security technologies such as SIEM/SOAR, NGAV/EDR, Vu * Understanding of common cyber intrusion frameworks such as Cyber Kill Chain, Diamond Model, MITRE ATT&CK * Hands-on troubleshooting, analysis, and technical expertise to resolve incidents and/or service requests. * Experience in Insider Threat, Digital media forensic, Monitoring and detection, Incident Response. * Security +, CEH, CFR, CCNA Cyber Ops , CCNA-Security, CySA+ **, GCIA, GCIH, GICSP, Cloud+, SCYBER, PenTest* Understanding and experience with FedRAMP Cloud Security Requirements * Ability to obtain and maintain a security clearance from the US federal government. **Preferred technical and professional experience** * Monitor and Analyze Security Telemetry - Continuously monitor telemetry from OT-specific sensors, IT-Specific Sensors, SIEM platform, and Network Security tools to detect anomalous activity across OT environments. * Triage and Enrich Security Alerts - Investigate and prioritize alerts using ML and AI-driven recommendations and contextual threat intelligence to determine severity and relevance. * Incident Escalation and Documentation - Escalate validated incidents following established SOPs, ensuring accurate and timelydocumentation of findings and actions taken. * Correlate Multi-Source Data - Correlate alerts from various sources to identify true positives and uncover complex attack patterns or persistent threats. * Coordinate with Operational Technology (OT) Stakeholders - Collaborate with plant operators and OT personnel during incident investigations to ensure minimal disruption to critical infrastructure. * Support Incident Response Activities - Assist in containment, eradication, and recovery efforts during security incidents, and contribute to post-incident reviews and reporting. * Mentor and Support Tier 1 & 2 Analysts - Provide guidance and technical support to L1 analysts, helping to improve triage accuracy and SOC efficiency. * Contribute to SOC Process Improvement - Participate in the development and refinement of SOC playbooks, procedures, and automation workflows (SOAR). Python coding prefered. * Maintain Situational Awareness - Stay informed on emerging threats, vulnerabilities, and attack techniques relevant to OT and ICS environments. IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.