Ref: RP805-1963

Job description / Role

Employment: Full Time

At IBM, work is more than a job - it's a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you've never thought possible. Are you ready to lead in this new era of technology and solve some of the world's most challenging problems? If so, let's talk.

Your Role and Responsibilities

This job role is based out of Al Jubail working onsite with the client.

- Provide initial investigation of security incidents escalated from the SOC L1 function
- Check for false positives and duplicates
- Provide communication and escalation throughout the incident per the CSIRT guidelines
- Communicate directly with data asset owners and business response plan owners during high-severity incidents
- Hunt for suspicious or anomalous activity based on alerts or data outputs from various toolsets
- Perform analysis of log files and other artifacts to collect more contextual information in order to triage the security threat
- Provide first-responder forensic analysis and investigation
- Drive the containment strategy during data loss or breach events
- Triage and resolve advanced attacks such as botnets and advanced persistent threats (APTs)
- Work directly with data asset owners and business response plan owners during high-severity incidents
- Provide tuning recommendations to administrators based on findings during investigations or threat information reviews
- Collect contextual information and pursue technical root cause analysis and attack method analysis
- Make the determination to treat the alert as a security incident and assign a severity level
- Close or escalate the security incident to the SOC L3 / Advanced Forensics function
- In certain cases, the alert/incident can be returned to the SOC L1 function with feedback and suggestions
- The resource must have extensive experience in incident handling and reporting (at least 2 years in a similar role)

Required Technical and Professional Expertise

We are looking for a professional based in, or willing to relocate to, Al Jubail with the following skills:

- Strong analytical and problem-solving skills
- Knowledge of network security zones, firewall configurations and IDS policies
- Knowledge of systems communications from Layer 1 to Layer 7
- Experience with systems administration, middleware and application administration
- Experience administering network and network security tools, particularly IBM SOAR (Resilient), including integrations, scripting and runbook creation
- Knowledge of log formats and the ability to aggregate and parse syslog, HTTP logs and DB logs for investigation purposes
- In-depth experience with log search tools such as QRadar, including regular expressions and natural language/AQL queries
- In-depth knowledge of packet capture and analysis
- Experience with security assessment tools (Nmap, Nessus, Metasploit, Netcat)
- Ability to create a containment strategy and execute it
- SOC technical and executive reporting

Preferred Technical and Professional Expertise

- Security Essentials - SEC401 (optional GSEC certification)
- Intrusion Detection In Depth - SEC503 (optional GCIA certification)
- Hacker Techniques, Exploits & Incident Handling - SEC504 (optional GCIH certification)
- OSCP - Pen Test With Kali
- IBM QRadar and SOAR certification

- Hacker Guard: Security Baseline Training - SEC464
- Advanced Security Essentials - SEC501 (optional GCED certification)
- Perimeter Protection In Depth - SEC502 (optional GCFW certification)
- Securing Windows and Resisting Malware - SEC505 (optional GCWN certification)

About the Company

For more than six decades, IBM Middle East & Pakistan has played a vital role in shaping the information technology landscape of the region. Today, IBM is part of the region's technological fabric, solving real-world business and societal challenges through its offices in the UAE, Saudi Arabia, Qatar, Kuwait and Pakistan, as well as a diversity of centers across the region.

Within the region, IBM currently has groundbreaking initiatives in cloud computing, analytics, mobile, security, as well as nanotechnology, eGovernment, healthcare and many more, collaborating with leading educational institutes and governments. IBM supports hundreds of clients to drive transformation through technology, contributes to regional research & development programs and has an active Corporate Service Corps (CSC) program.

Reinvention is a keyword in the company's history and, today, IBM is much more than a "hardware, software, services" company. IBM is now emerging as a cognitive solutions and cloud platform company.
