Security Operations Center Engineer
IBM · Austin, TX · 2 wk ago
On-siteInformation TechnologyFull-time
Role Overview
The SOC Engineering team at IBM Infrastructure & Technology focuses on enhancing how security operations function, making detection and response processes faster, smarter, and more scalable. This role involves building and optimizing next-generation detection and response capabilities, including SIEM and detection engineering, automation, AI-driven security, telemetry integration, and analyst enablement.
Key Responsibilities
- Manage and optimize SIEM platforms, including ingestion, parsing, correlation, and performance
- Build and tune high-quality detections across SIEM, EDR/XDR, cloud, identity, and network environments
- Improve signal quality, reduce false positives, and expand detection coverage
- Translate threat intelligence and incident learnings into actionable detections
- Troubleshoot data quality issues, telemetry gaps, and platform performance
- Partner with SOC Operations to improve workflows and response effectiveness
- Develop automation and orchestration for triage, investigation, and remediation
- Integrate security tools and data sources into a unified detection ecosystem
- Apply AI to enhance detection, triage, and analyst decision-making
- Establish detection governance and drive continuous improvement
Required Education and Experience
- Bachelor's Degree Required
- 4+ years of information security experience with strong knowledge of SIEM tools, including administration, configuration, and log analysis
- Hands-on experience with SIEM components such as building blocks, reference sets, flow data, and network hierarchies
- Broad understanding of security practices including risk management, vulnerability management, threat analysis, auditing, monitoring, and incident response
- Working knowledge of cloud computing, network protocols, and common information security standards/frameworks
Preferred Education and Experience
- 5+ years of information security experience
- CYSA+, GCIH, GCIA, OSCP, CISSP or similar certification