Job Information
IBM Cybersecurity Threat Detection Engineer in Austin, Texas
Introduction
IBM Infrastructure is a catalyst that makes the world work better because our clients demand it. Heterogeneous environments, the explosion of data, digital automation, and cybersecurity threats require hybrid cloud infrastructure that only IBM can provide.
Your ability to be creative, a forward-thinker and to focus on innovation that matters is all supported by our growth-minded culture as we continue to drive career development across our teams. Collaboration is key to IBM Infrastructure success, as we bring together different business units and teams that balance their priorities in a way that best serves our clients' needs.
IBM's product and technology landscape includes Research, Software, and Infrastructure. Entering this domain positions you at the heart of IBM, where growth and innovation thrive.
Your role and responsibilities
The IBM CISO office is seeking an experienced Cybersecurity Threat Detection Engineer. As a Cyber Threat Detection Engineer, you play a pivotal role as a key advisor for IBM's internal clients. Your primary responsibility is to improve our Threat Detection posture by analyzing Threat Intelligence and determining the best way to detect that activity through query language creation and testing. It is a vital role that directly impacts IBM’s security posture.
Your technical skills will be crucial in finding the delicate balance between enabling and securing our internal systems, utilizing cognitive solutions that have contributed to making IBM the fastest-growing enterprise security business globally.
The Cybersecurity Threat Detection Engineer will be responsible for working with all levels of the security program, from senior-level management to technical rule development engineers, and must be able to communicate and present ideas, solutions and evidence using charts and visual workflows.
Required technical and professional expertise
Use Case development and implementation
Experience developing Use Cases in multiple query languages
Expert in regular expressions
Knowledge of an industry-recognized Security Response Framework
Proficient in rule creation and modification
Strong understanding of reference sets, reference tables, reference maps and how they interact with rules
Proficient in query language searching.
Broad experience in computer and network systems, including IT security.
Experience in developing, deploying, and operating applications, software, and services.
Leadership to drive best practices across organizations.
Experience in collaboration and unifying business areas to ensure business needs are met.
Preferred technical and professional experience
Proficient in Microsoft MDE/CrowdStrike Falcon/Uptycs/Cortex XSIAM rule creation and modification
Relevant industry-recognized certifications (Sec+, Network+, CySA+, CCNA, Linux+, etc.)
Strong understanding of networking protocols.
Experience with programming or scripting languages is a plus.
Experience with SIEM tools is a plus.