**Introduction** In this role, you'll work in one of our IBM Consulting Client Innovation Centers (Delivery Centers), where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world. Our delivery centers offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology **Your role and responsibilities** * Analyze and triage security incidents to determine their severity and impact on Infrastructure systems. * Primary point of contact for Cyber Security Incident response in the Cyber Security Escalations team. * Provide a first point of contact for L3 security escalations from the SOC team, ensuring a thorough review, escalation **Required technical and professional expertise** * Conduct in-depth analysis of security events, collaborating directly with different stakeholders to escalate and thoroughly investigate incidents. * Participate in Security Incident Response Team in the identification, containment, eradication, and resolution of security issues, This involves understanding the scope, impact, and root cause of incidents to tailor the response effectively, Collaborate with SOC teams to ensure effective incident response and continuous improvement. * Assist in the development and refinement of SOC processes, procedures, and playbooks, Create and maintain incident reports, documenting findings, actions taken, and lessons learned **Preferred technical and professional experience** * Stay current with emerging threats, vulnerabilities, and security technologies to proactively protect the organization. Notify Client of incident and required mitigation works. * Track and update incidents and requests based on client’s updates and analysis results. Good understanding on Phishing email analysis and their terminologies * * Having knowledge on EDR solutions (Preferred CrowdStrike), Participate in regular SOC team meetings and provide input on improving security posture. Communicate vertically and horizontally to keep stakeholders informed and involved on Security Operations matters