Cyber Threat Intelligence & Incident Response Analyst
IBM
Antwerp, Belgium
Your role and responsibilities
As a Technical Consultant: Threat Detection Response & Intelligence, you play a vital role in safeguarding an organization's digital infrastructure by identifying, analyzing, and mitigating cyber threats. This position involves using a variety of cybersecurity tools to monitor, prioritize, investigate, and respond to security incidents.
Your primary responsibilities will include:
- Conduct Event Investigations: Investigate security incidents using SIEM, SOAR, EDR, and XDR platforms to identify and analyze potential threats. Apply industry frameworks like MITRE ATT&CK and the Cyber Kill Chain to understand and counter adversary tactics effectively;
- Manage Incident Reports: Prioritize and manage incident reports, providing actionable recommendations and responses to strengthen the client's security posture;
- Analyze Network and Endpoint Events: Interpret output from security tools and logs from Windows, macOS, and Linux systems to identify potential security threats;
- Engage in Vulnerability Management: Participate in vulnerability management and cyber threat intelligence activities to identify and anticipate potential threats;
- Provide Actionable Recommendations: Deliver recommendations and responses to clients to enhance their security posture and mitigate potential threats.
Required technical and professional expertise
- Exposure to Cybersecurity Tools: Experience with a variety of cybersecurity tools, including SIEM, SOAR, EDR, and XDR platforms, to monitor, prioritize, investigate, and respond to security incidents;
- Industry Frameworks Application: Experience with industry frameworks like MITRE ATT&CK and the Cyber Kill Chain to understand and counter adversary tactics effectively;
- Network and Endpoint Analysis: Experience interpreting output from security tools and logs from Windows, macOS, and Linux systems to identify potential security threats;
- Vulnerability Management: Experience with vulnerability management and cyber threat intelligence activities to identify and anticipate potential threats;
- Security Incident Response: Experience with conducting event investigations, managing incident reports, and providing actionable recommendations and responses to strengthen security posture.
Preferred technical and professional experience
- Deep Understanding of Network Fundamentals: Experience with network protocols, devices, and architectures is beneficial for identifying potential security threats and analyzing network events;
- Familiarity with Cloud Security: Exposure to cloud security platforms and technologies can enhance the ability to monitor, prioritize, investigate, and respond to security incidents in cloud-based environments;
- Knowledge of Scripting Languages: Familiarity with scripting languages such as Python, PowerShell, or Bash can aid in automating tasks, analyzing data, and creating custom tools for threat detection and response;
- Experience with the Tenable One Exposure Management Platform, Tenable's Cloud Native Application Protection Platform (CNAPP), or Tenable Vulnerability Management;
- Experience in large, complex or regulated environments (e.g. government, defence, critical infrastructure);
- NATO security clearance is a plus (but no hard requirement).
Don't forget to mention EuroTechJobs when applying.