Job description

Introduction The CISO Cybersecurity Operations Platform (CSOP) team is looking to add an engineer to the Analytics and Data Exploitation team. The Platform provides the technology, services and expertise required by IBM’s Cyber Threat Detection and Response teams. We support the Advanced Threat Detection (threat hunting, intelligence, incident response), Vulnerability Detection and Response, Innovation and Remediation, Security Operations Centers and Command Centers teams to deliver enterprise-wide security to one of the world’s most established technology companies. We process tens of billions of events per day, meaning effective analysis and data exploitation practices are critical to our success. This is a technical position within the Analytics and Data Exploitation team who employ commercial, open source and in-house developed tools to deliver critical cybersecurity services such as event processing, automation, complex analytics and support to digital investigations. This role operates across our development, test, pre-production and production networks to create, maintain and improve our services –an important component of which is fault-finding and the ability to work within complex, dynamic environments. The right candidate thrives in high-pressure situations and has practical experience working with Big Data technologies –such as Spark, Hadoop and Elasticsearch. The role requires a proven, practical knowledge of container orchestration technologies –specifically Kubernetes and RedHat OpenShift. The work will include the design and optimization of container-deployed systems, as well as the day-to-day engineering and administration of the orchestration environment. This includes cluster management, Pod assignment / configuration, application virtual routing, security, container image registry management and optimization of the runtime engines. Wider knowledge of data ingestion, extraction, transformation and loading technologies is important - including Streamsets and Flink. The role is rounded-out by some software development tasks – all related to cyber security. These will involve Java, SQL, Python and automation scripting so experience with DevSecOps methods is highly advantageous. The Platform team employs hybrid cloud hosting and this includes provisioning, administration and management of services within environments spanning IBM Cloud, Amazon Web Services and Microsoft Azure. About The Team The CISO Cybersecurity Operations Platform (CSOP) team is looking to add an Email Security Engineer to the team. The CSOP provides the technology, services and expertise required by IBM’s Cyber Threat Detection and Response teams. We support the Advanced Threat Detection (threat hunting, intelligence, incident response), Vulnerability Detection and Response, Remediation, Security Operations Center and Command Center teams to deliver enterprise-wide security to one of the world’s most established technology companies. Job Duties Your role and responsibilities • Contribute to the day-to-day work that supports our critical cybersecurity analysis and data processing workflows • Protect organization against phishing, spoofing, malware, and advanced threats while maintaining user experience and compliance • Familiarity with Exchange, ProofPoint Email Solutions, Powershell, Azure, and M365 suite • Design, implement and maintain secure email solutions within the Microsoft 365 tenant and related servces • Moniotr and respond to email-related security incidents, phishing attempts, and compromise events • Support the team leadership to improve overall exploitation of technologies that best serve our requirements • Partner with CIO and CISO teams to develop email security policies, rules, and playbooks • Work as part of a deeply technical, passionate team of engineers to tackle significant IT challenges Preferred Education Bachelor's Degree Required Technical And Professional Expertise • 3 or more years’ experience in an email security engineer or similar role • Experience with Microsoft 365 Exchange or Proofpoint email solutions • Hands on experience with SPF, DKIM, and DMARC configuration and rollout at an enterprise level • Experience with (or a proven aptitude for) working within a fast-paced environment where the success criteria are defined by external factors. This includes having to change course quickly, based on the evolving needs of a complex and dynamic environment • Strong experience with incident response processes for phishing and email-based threats • Experience with IBM Cloud, AWS, Azure or similar cloud environments • Strong understanding of email protocols ISMPT, IMAP, POP3) and security controls • Familiarity with SIEM tools for monitoring and automation on email threats • Excellent problem-solving, communication, and documentation skills Preferred Technical And Professional Experience • Experience with secure email gateways (Proofpoint, M365, etc) • Microsoft certification • Knowledge of zero trust frameworks and modern authentication methods (MFA, conditional access) • Familiarity with cloud-native security tools (Sentinel, Defender, XDR) • Understanding of email encryption solutions (TLS, S/MIME, PGP) • Experience in large enterprise environments with hybrid Microsoft Exchange deployments • Ansible experience is a strong advantage

Requirements