Jobs · Information Technology · Texas

IBM CISO - Cybersecurity Forensic Analyst

IBM · Austin, TX · 3 wk ago
HybridInformation TechnologyFull-time

Role and Responsibilities

IBM’s Cyber Security Incident Response Team (CSIRT) is seeking a high-performing Incident Response Forensic Analyst to support the investigation and response to cybersecurity incidents across the Americas region. In this role, you will work at the intersection of incident response, digital forensics, and threat analysis, partnering closely with responders, threat detection teams, and leadership to investigate security events, preserve forensic evidence, and drive timely containment and remediation. This is a hands-on analytical role requiring the ability to translate complex technical findings into actionable insights, enabling both operational response and executive decision-making.

  • Conduct forensic investigations on endpoint, network, and cloud environments
  • Collect, preserve, and analyze digital evidence in accordance with established standards
  • Support incident response activities, including triage, containment, eradication, and recovery
  • Correlate forensic evidence with threat intelligence and detection signals
  • Ability to analyze disk images, logs, and recovered data
  • Reconstruct attack timelines and identify root cause and impact
  • Document findings and produce clear, defensible reports for technical and non-technical stakeholders
  • Collaborate across CSIRT, SOC, Legal, and Compliance teams as needed
  • Contribute to post-incident reviews and continuous improvement of response capabilities

Key Responsibilities

  • Conduct forensic investigations on endpoint, network, and cloud environments
  • Collect, preserve, and analyze digital evidence in accordance with established standards
  • Support incident response activities, including triage, containment, eradication, and recovery
  • Correlate forensic evidence with threat intelligence and detection signals
  • Ability to analyze disk images, logs, and recovered data
  • Reconstruct attack timelines and identify root cause and impact
  • Document findings and produce clear, defensible reports for technical and non-technical stakeholders
  • Collaborate across CSIRT, SOC, Legal, and Compliance teams as needed
  • Contribute to post-incident reviews and continuous improvement of response capabilities

Preferred Education

Bachelor's Degree Required

Technical and Professional Expertise

  • 3-5 years of experience in Incident Response, SOC and/or Digital Forensics in a global corporate environment

Key Technical Skills

  • Strong digital forensics expertise across endpoints, systems, and network artifacts; experience with industry-standard tools (e.g., EnCase, FTK, Autopsy)
  • Ability to collect, preserve, and analyze evidence while maintaining chain of custody and audit readiness
  • Strong investigative and analytical skills, including correlation of logs, endpoint, and network data to determine root cause and reconstruct timelines
  • Experience operating within incident response workflows and using EDR, SIEM, and detection platforms in active incident environments
  • Understanding of attacker TTPs, with exposure to malware analysis or memory forensics preferred
  • Analysis using EDR tooling such as Crowdstrike or Microsoft Defender for Endpoint (MDE)
  • Basic scripting/automation skills (e.g., Python, PowerShell) are a plus
  • Solid working knowledge of networking topology, technology and tools, such as firewalls, proxies, IDS/IPS, EDR
  • Event analysis and correlation
  • Excellent technical writing and presentation skills

Technical and Professional Experience

  • Demonstrated computer forensic investigations experience
  • Demonstrated knowledge of commercial and open-source forensic tools, such as X-Ways, Axiom, Autopsy, ELK, SIFT, Plaso, etc
  • Familiarity with enterprise cybersecurity tooling (EDR, SIEM, forensic platforms)
  • Scripting & Automation (Nice to Have)
  • Certifications such as: GCFA, CHFI, GCIH (or equivalent experience, nice to have)
  • Demonstrated knowledge of analysis with EDR tooling, such as Crowdstrike or Microsoft Defender for Endpoint (MDE)
  • Knowledge of incident response and analysis in cloud environments, such as IBM Cloud, AWS, or Azure
  • Ability to successfully lead and facilitate information gathering meetings
  • Experience managing small and large scale cyber security incidents

Similar jobs

Machine Operator

CryopakGreater Phoenix Area· 1 mo ago
Manufacturingapply on workforcenow.adp.com

Machine Operator

Yamaha Motor Corporation, USAMilwaukee, WI· 2 wk ago
Manufacturingapply on careers.yamaha-motor.com

Machine Operator

Rusken Packaging, Inc.Harrisburg, AR· 15 mo ago
Managementapply on rusken.com

Machine Operator

Rusken Packaging, Inc.Olive Branch, MS· 15 mo ago
Managementapply on rusken.com