Introduction

The X-Force Incident Response team (XFIR) helps IBM customers globally with their Digital Forensics and Incident Response needs, whether that's before, during, or after an incident. Proactive projects include running tabletop exercises or helping to improve IR documentation, whereas reactive engagements might involve expert-level forensic analysis to quantify Intellectual Property theft, or leading IR activities on one of the biggest data breaches in the world.
Your Role And Responsibilities

Note: Requires Australian citizenship due to the requirement to obtain NV1 security clearance (or maintain existing security clearance of equal or higher level).
Many team members are DFIR all-rounders, comfortable with log file analysis at the command line, threat hunting, and presenting incident summaries to executives. Cases range from false alarms to nation-state attacks against critical infrastructure. Collaboration, excellent communication skills, and methodical work are essential.
You should have demonstrated skills in Incident Response, computer intrusion investigations, and a strong foundation in cyber security policies, operations, and best practices. Proficiency with EDR tools, forensic analysis tools such as X-Ways or EnCase, or Velociraptor/UAC for forensic triage is preferred. Familiarity with Windows, Linux, enterprise technologies like Active Directory/LDAP/Entra ID, cloud email, and network devices is also advantageous.
The role may involve late nights, early starts, weekends, or travel at short notice. Benefits include time off in lieu, weekend on-call allowance, and flexible scheduling. The salary is competitive to attract top talent.
Minimum of 5 years of professional experience in:
- Incident response, systems administration, disaster recovery, business continuity, computer forensics, or network security.
- Managing technical security projects as a consultant or security practitioner.
- Understanding network protocols, devices, security architecture, and system administration for forensics and security operations.
- Hands-on experience with incident response, forensics, security assessments, and application security tools.
- Developing enterprise IT risk mitigation and incident response policies.
- Experience across Windows, Mac, and Unix OS.

Preferred Education

None
Required Technical And Professional Expertise

Concepts and Communication
- Ability to advise senior clients on incident response processes, maintaining professionalism and clarity under pressure.
- Deep understanding of information security governance, attacker methodologies, attack lifecycle, Cyber Kill Chain, etc.
- Effective communication of technical findings to stakeholders.
- At least three years managing a team of incident responders.

Digital Forensics & Incident Response
- Ability to analyze Windows & Unix systems for evidence of compromise.
- Proficiency with forensic tools like EnCase, X-Ways, Sleuthkit.
- Experience with cloud DFIR.
- Skilled in writing reports for technical and non-technical audiences.
- Experience hunting threat actors in enterprise networks and cloud environments.
- Experience with EDR tools.

Preferred Technical And Professional Experience

Network Forensics
- Log analysis skills using SIEM/log tools.
- Packet analysis with Wireshark, TCPdump.
- Understanding of network protocols, risks, and controls.
- Familiarity with enterprise applications like Active Directory, Exchange, Office365.
- Ability to analyze and reverse engineer network data.

Remediation services
- Experience as a trusted IR advisor.
- Guiding clients on best practices and risk decisions.
- Success in incident management and project coordination.

Proactive services
- Analyzing client policies and procedures to identify gaps and recommend improvements.
- Knowledge of security frameworks, standards, and data privacy laws.
- Experience planning and executing tabletop exercises and incident response plans.

DevSecOps
- Knowledge of operating systems, automation, and administration.
- Scripting in Python or PowerShell.
- Experience with data analysis platforms like Splunk/ELK.
- Proficiency with shell scripting tools.
- Experience with virtualization and cloud platforms such as IBM Cloud, AWS, GCP, Azure.