IBM CISO - Cybersecurity Forensic Analyst

IBM
Austin, United States of America
5 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

Austin, United States of America

Tech stack

Microsoft Windows
Amazon Web Services (AWS)
Proxy Servers
Macintosh Computers
IBM System I
Azure
Computer Security
Computer Forensics
Linux
Digital Forensics
Network Topologies
IBM Cloud Computing
Intrusion Detection Systems
Python
Open Source Technology
Powershell
Security Information and Event Management
Forensic Toolkit
Scripting (Bash/Python/Go/Ruby)
Cloud Platform System
Malware
Firewalls (Computer Science)
Azure Security Center
Encase

Job description

IBM's Cyber Security Incident Response Team (CSIRT) is seeking a high-performing Incident Response Forensic Analyst to support the investigation and response to cybersecurity incidents across the Americas region.

In this role, you will work at the intersection of incident response, digital forensics, and threat analysis, partnering closely with responders, threat detection teams, and leadership to investigate security events, preserve forensic evidence, and drive timely containment and remediation.

This is a hands-on analytical role requiring the ability to translate complex technical findings into actionable insights, enabling both operational response and executive decision-making. The successful candidate will demonstrate strong technical depth, investigative rigor, and the ability to operate effectively in high-pressure environments.

Key Responsibilities:

- Conduct forensic investigations on endpoint, network, and cloud environments

- Collect, preserve, and analyze digital evidence in accordance with established standards

- Support incident response activities, including triage, containment, eradication, and recovery

- Correlate forensic evidence with threat intelligence and detection signals

- Analyze disk images, logs, and recovered data

- Reconstruct attack timelines and identify root cause and impact

- Document findings and produce clear, defensible reports for technical and non-technical stakeholders

- Collaborate across CSIRT, SOC, Legal, and Compliance teams as needed

- Contribute to post-incident reviews and continuous improvement of response capabilities

Requirements

- 3-5 years of experience in Incident Response, SOC and/or Digital Forensics in a global corporate environment

Key Technical Skills

  • Strong digital forensics expertise across endpoints, systems, and network artifacts; experience with industry-standard tools (e.g., EnCase, FTK, Autopsy)
  • Ability to collect, preserve, and analyze evidence while maintaining chain of custody and audit readiness
  • Strong investigative and analytical skills, including correlation of logs, endpoint, and network data to determine root cause and reconstruct timelines
  • Experience operating within incident response workflows and using EDR, SIEM, and detection platforms in active incident environments
  • Understanding of attacker TTPs, with exposure to malware analysis or memory forensics preferred
  • Analysis using EDR tooling such as CrowdStrike or Microsoft Defender for Endpoint (MDE)
  • Basic scripting/automation skills (e.g., Python, PowerShell) are a plus
  • Strong understanding of Windows, Mac, and Linux operating systems
  • Solid working knowledge of networking topology, technology and tools, such as firewalls, proxies, IDS/IPS, EDR
  • Event analysis and correlation
  • Excellent technical writing and presentation skills
  • The ability to work independently and effectively, as well as in a group setting, is required.

Preferred technical and professional experience

- Demonstrated computer forensic investigations experience

  • Demonstrated knowledge of commercial and open-source forensic tools, such as X-Ways, Axiom, Autopsy, ELK, SIFT, Plaso, etc.
  • Familiarity with enterprise cybersecurity tooling (EDR, SIEM, forensic platforms)

Scripting & Automation (Nice to Have)

  • Certifications such as GCFA, CHFI, GCIH (or equivalent experience; nice to have)
  • Demonstrated knowledge of analysis with EDR tooling, such as CrowdStrike or Microsoft Defender for Endpoint (MDE)
  • Knowledge of incident response and analysis in cloud environments, such as IBM Cloud, AWS, or Azure
  • Ability to successfully lead and facilitate information-gathering meetings
  • Experience managing small- and large-scale cybersecurity incidents

IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.

About the company

The Office of the CISO has the responsibility to safeguard not only IBM systems but those of clients we support around the globe. The IBM CISO office is comprised of teams that cover all aspects of security - from Vulnerability Management, Threat Detection, Security Operations, Product Security, Mail Security, System Inventory, Endpoint Detection, as well as Computer Security Incident Response. CSIRT is responsible for maintaining and managing the IBM internal global incident response process for cybersecurity and data privacy cases across IBM.