Lima, PER
16 hours ago
Technical Consultant - TDR - Threat Responder L3
**Introduction**

A career in IBM Consulting is built on long-term client relationships and close collaboration worldwide. You’ll work with leading companies across industries, helping them shape their hybrid cloud and AI journeys. With support from our strategic partners, robust IBM technology, and Red Hat, you’ll have the tools to drive meaningful change and accelerate client impact. At IBM Consulting, curiosity fuels success. You’ll be encouraged to challenge the norm, explore new ideas, and create innovative solutions that deliver real results. Our culture of growth and empathy focuses on your long-term career development while valuing your unique skills and experiences.

**Your role and responsibilities**

As a Technical Consultant: Threat Detection Response & Intelligence, you play a vital role in safeguarding an organization's digital infrastructure by identifying, analyzing, and mitigating cyber threats. This position involves using a variety of cybersecurity tools to monitor, prioritize, investigate, and respond to security incidents. Your primary responsibilities will include:

* Lead and execute end-to-end security incident response activities, from detection to containment, eradication, and recovery.
* Participate directly in critical security incidents, including ransomware, intrusions, APT activity, and insider threats.
* Perform advanced incident investigations using EDR/XDR telemetry, SIEM data, and forensic artifacts.
* Conduct digital forensics on endpoints and servers, including memory, disk, and system artifact analysis.
* Perform root cause analysis (RCA) and determine the scope and impact of security incidents.
* Investigate adversary behavior using MITRE ATT&CK and map TTPs to incident activity.
* Correlate logs and security events using SIEM platforms to support investigations.
* Coordinate technical response efforts with SOC, IT, Legal, and business teams during incident response and crisis situations.
* Develop, maintain, and execute CSIRT playbooks and response procedures.
* Produce forensic documentation and post-incident reports, including timelines, impact assessments, and remediation recommendations.

**Required technical and professional expertise**

* 3+ years of experience in incident response, DFIR, or CSIRT roles, handling advanced threats.
* Proven hands-on experience investigating ransomware, APTs, intrusions, and insider threat incidents.
* Strong experience with EDR/XDR platforms, such as Microsoft Defender, CrowdStrike, SentinelOne, and Cortex XDR.
* Practical knowledge of digital forensics and DFIR tools, including Velociraptor, FTK, EnCase, Autopsy, and Volatility.
* Strong skills in log analysis and event correlation using SIEM technologies.
* Solid understanding of Windows, Linux, and Active Directory environments.
* Experience performing MITRE ATT&CK-based investigations and adversary TTP analysis.
* Familiarity with incident response frameworks, including NIST SP 800-61, NIST CSF, and ISO/IEC 27035.
* Basic experience working in cloud environments such as Azure and AWS.
* Ability to work under pressure during high-impact security incidents.
* Intermediate English level (technical reading and communication).

**Preferred technical and professional experience**

* Relevant security and incident response certifications, such as GCIH, GCED, GCFA, SC-200, or vendor-specific DFIR / EDR certifications.

IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.