X-Force Senior Incident Response Consultant North America
IBM
**Introduction**
A career in IBM Consulting X-Force Incident Response is built on long-term client relationships and close collaboration worldwide. You’ll work with leading companies across industries, helping them shape their hybrid cloud and AI journeys. With support from our strategic partners, robust IBM technology, and Red Hat, you’ll have the tools to drive meaningful change and accelerate client impact. At IBM Consulting X-Force IR, curiosity fuels success. You’ll be encouraged to challenge the norm, explore new ideas, and create innovative solutions that deliver real results. Our culture of growth and empathy focuses on your long-term career development while valuing your unique skills and experiences.
**Your role and responsibilities**
As a Senior Incident Response Consultant for IBM Security X-Force Incident Response practice, specializing in Digital Forensics & Incident Response, you will lead incident response efforts to contain and mitigate data breaches, providing strategic direction to clients on prioritizing response actions. You will also help lead and collaborate with a team of elite responders and forensic analysts, ensuring effective collaboration and knowledge sharing.
Your primary responsibilities will include:
* Lead Incident Response Efforts: Provide strategic and technical direction to clients on prioritizing response actions, ensuring effective containment and mitigation of data breaches. This involves collaborating with clients to understand their specific needs and developing tailored response plans.
* Foster a culture of collaboration and knowledge sharing to drive effective incident response.
* Ensure Regulatory Compliance: Stay up-to-date with various data privacy and regulatory standards, advising clients on compliance and best practices to minimize risk.
* Deliver Technical Recommendations: Provide technical recommendations to security and IT staff, helping organizations prepare, detect, and respond to security breaches.
* The role includes participation in an on-call rotation to support incident response engagements outside of standard business hours. On-call responsibilities are shared across the team and managed to support sustainable working practices.
**Required technical and professional expertise**
* Deep Expertise in Incident Response: Proven experience in leading incident response efforts, containing and mitigating data breaches, and providing strategic direction to clients on prioritizing response actions.
* Experience with Team Collaboration: Demonstrated ability to collaborate with a team of responders and forensic analysts, ensuring effective collaboration and knowledge sharing to drive incident response efforts.
* Regulatory Compliance Knowledge: In-depth understanding of various data privacy and regulatory standards, with experience advising clients on compliance and best practices to minimize risk.
* Technical Proficiency in EDR Tools: Hands-on experience utilizing leading Endpoint Detection & Response (EDR) tools to hunt for threats, identify potential security incidents, and implement corrective measures and configurations.
* Significant hands-on experience with hardware/software tools used in incident response, digital forensics, network security assessments, and/or application security.
* Ability to forensically analyze both Windows & Unix systems for evidence of compromise
* Experience performing log analysis locally and via SIEM/log aggregation tools.
* Familiarity with Active Directory, Exchange and O365 applications and logs
* Familiarity with tools and techniques required to analyze and reverse diverse protocols and data traversing a network environment
* Familiarity with cloud computing platforms like IBM Cloud, AWS, Azure, or GCP
* Proficient in writing cohesive reports for technical and non-technical audiences.
* Examine and analyze available client internal policies, processes, and procedures to determine patterns and gaps at both strategic and tactical levels. Recommend an appropriate course of action to support maturing the client’s incident response program and cyber security posture.
* A strong familiarity with various security frameworks and standards such as ISO 27001/2, PCI DSS, NIST 800-53 and 800-171, and applicable data privacy laws and regulations.
* Demonstrated experience with planning, scoping, and delivering technical and/or executive level tabletop exercises, with a focus on either tactical or strategic incident response processes.
* Ability to incorporate current trends and develop custom scenarios applicable to a client.
* Low-level operating system knowledge, including automation and performing administrative tasks.
* Scripting or programming experience, preferably in a language commonly used for DFIR such as Python or PowerShell.
* Ability to work with data at scale such as using Splunk / ELK.
* Expertise working with shell programs such as grep, sed and awk to process data quickly.
* Working experience with virtualization and cloud technology platforms like IBM Cloud, AWS, GCP & Azure.
**Preferred technical and professional experience**
* Advanced Threat Hunting: Experience with threat hunting methodologies and techniques to identify potential security incidents.
* Utilization of leading Endpoint Detection & Response (EDR) tools to hunt for threats and implement corrective measures.
* Data Privacy Standards: In-depth understanding of various data privacy standards, including GDPR, HIPAA, and CCPA, with experience advising clients on compliance and best practices to minimize risk.
* Security Frameworks: Familiarity with industry-recognized security frameworks, such as the NIST Cybersecurity Framework and MITRE ATT&CK, to inform incident response strategies and ensure regulatory compliance.
* Diverse understanding of cyber security related vulnerabilities, common attack vectors, and mitigations.
* Capable of developing strategic level incident response plans as well as tactical-focused playbooks.
* Ability to manage tasks and coordinate work streams during incident response investigations.
* Communication skills: able to communicate fluently in English.
IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.