IBM CISO - Cybersecurity Forensic Analyst

Introduction The Office of the CISO has the responsibility to safeguard not only IBM systems but those of clients we support around the globe. The

IBM CISO

office is comprised of teams that cover all aspects of security

• from Vulnerabilty Management, Threat Detection, Security Operations, Product Security, Mail Security, System Inventory, Endpoint Detection, as well as Computer Security Incidence Response.

CSIRT is responsible for maintaining and managing the IBM internal global incident response process for cybersecurity and data privacy cases across IBM. We are looking for individuals who bring both technical depth and professional discipline—those who can dig into the evidence, uncover the story behind an incident, and communicate it clearly to drive action. Your role and responsibilities IBM's Cyber Security Incident Response Team (CSIRT) is seeking a high-performing Incident Response Forensic Analyst to support the investigation and response to cybersecurity incidents across the Americas region. In this role, you will work at the intersection of incident response, digital forensics, and threat analysis, partnering closely with responders, threat detection teams, and leadership to investigate security events, preserve forensic evidence, and drive timely containment and remediation. This is a hands-on analytical role requiring the ability to translate complex technical findings into actionable insights, enabling both operational response and executive decision-making. The successful candidate will demonstrate strong technical depth, investigative rigor, and the ability to operate effectively in high-pressure environments.

Key Responsibilities:

• Conduct forensic investigations on endpoint, network, and cloud environments
• Collect, preserve, and analyze digital evidence in accordance with established standards
• Support incident response activities, including triage, containment, eradication, and recovery
• Correlate forensic evidence with threat intelligence and detection signals
• Ability to analyze disk images, logs, and recovered data
• Reconstruct attack timelines and identify root cause and impact
• Document findings and produce clear, defensible reports for technical and non-technical stakeholders
• Collaborate across CSIRT, SOC, Legal, and Compliance teams as needed
• Contribute to post-incident reviews and continuous improvement of response capabilities Required education Associate's Degree/College Diploma Preferred education Bachelor's Degree Required technical and professional expertise
• 3-5 years of experience in Incident Response, SOC and/or Digital Forensics in a global corporate environment
• Key Technical Skills Strong digital forensics expertise across endpoints, systems, and network artifacts; experience with industry-standard tools (e.

g., EnCase, FTK, Autopsy) Ability to collect, preserve, and analyze evidence while maintaining chain of custody and audit readiness Strong investigative and analytical skills, including correlation of logs, endpoint, and network data to determine root cause and reconstruct timelines Experience operating within incident response workflows and using EDR, SIEM, and detection platforms in active incident environments Understanding of attacker TTPs, with exposure to malware analysis or memory forensics preferred Analysis using EDR tooling such as Crowdstrike or Microsoft Defender for Endpoint (MDE) Basic scripting/automation skills (e.g., Python, PowerShell) are a plus

• Strong understanding of Windows, Mac, and Linux operating systems
• Solid working knowledge of networking topology, technology and tools, such as firewalls, proxies, IDS/IPS, EDR Event analysis and correlation Excellent technical writing and presentation skills
• The ability to work independently and effectively, as well as in a group setting required. Preferred technical and professional experience
• Demonstrated computer forensic investigations experience
• Demonstrated knowledge of commercial and open-source forensic tools, such as X-Ways, Axiom, Autopsy, ELK, SIFT, Plaso, etc
• Familiarity with enterprise cybersecurity tooling (EDR, SIEM, forensic platforms) Scripting & Automation (Nice to Have)
• Certifications such as:

GCFA, CHFI, GCIH

(or equivalent experience, nice to have)

• Demonstrated knowledge of analysis with EDR tooling, such as Crowdstrike or Microsoft Defender for Endpoint (MDE)
• Knowledge of incident response and analysis in cloud environments, such as IBM Cloud, AWS, or Azure
• Ability to successfully lead and facilitate information gathering meetings
• Experience managing small and large scale cyber security incidents IBM Systems helps IT leaders think differently about their infrastructure. IBM servers and storage are no longer inanimate
• they can understand, reason, and learn so our clients can innovate while avoiding IT issues.

Our systems power the world's most important industries and our clients are the architects of the future. Join us to help build our leading-edge technology portfolio designed for cognitive business and optimized for cloud computing. In a world where technology never stands still, we understand that, dedication to our clients success, innovation that matters, and trust and personal responsibility in all our relationships, lives in what we do as IBMers as we strive to be the catalyst that makes the world work better. Being an IBMer means you'll be able to learn and develop yourself and your career, you'll be encouraged to be courageous and experiment everyday, all whilst having continuous trust and support in an environment where everyone can thrive whatever their personal or professional background. Our IBMers are growth minded, always staying curious, open to feedback and learning new information and skills to constantly transform themselves and our company. They are trusted to provide on-going feedback to help other IBMers grow, as well as collaborate with colleagues keeping in mind a team focused approach to include different perspectives to drive exceptional outcomes for our customers. The courage our IBMers have to make critical decisions everyday is essential to IBM becoming the catalyst for progress, always embracing challenges with resources they have to hand, a can-do attitude and always striving for an outcome focused approach within everything that they do. Are you ready to be an IBMer? IBM's greatest invention is the IBMer. We believe that through the application of intelligence, reason and science, we can improve business, society and the human condition, bringing the power of an open hybrid cloud and AI strategy to life for our clients and partners around the world. Restlessly reinventing since 1911, we are not only one of the largest corporate organizations in the world, we're also one of the biggest technology and consulting employers, with many of the Fortune 500 companies relying on the IBM Cloud to run their business. At IBM, we pride ourselves on being an early adopter of artificial intelligence, quantum computing and blockchain. Now it's time for you to join us on our journey to being a responsible technology innovator and a force for good in the world. IBM is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, genetics, pregnancy, disability, neurodivergence, age, or other characteristics protected by the applicable law. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status. IBM offers a competitive and comprehensive benefits program. Eligible employees may have access to: Healthcare benefits including medical & prescription drug coverage, dental, vision, and mental health & well being Financial programs such as 401(k), the IBM Employee Stock Purchase Plan, financial counseling, life insurance, short & long

• term disability coverage, and opportunities for performance based salary incentive programs Generous paid time off including 12 holidays, minimum 56 hours sick time, 120 hours vacation, 12 weeks parental bonding leave in accordance with IBM Policy, and other Paid Care Leave programs.

IBM also offers paid family leave benefits to eligible employees where required by applicable law Training and educational resources on our personalized, AI-driven learning platform where IBMers can grow skills and obtain industry-recognized certifications to achieve their career goals Diverse and inclusive employee resource groups, giving & volunteer opportunities, and discounts on retail products, services & experiences We consider qualified applicants with criminal histories, consistent with applicable law. This position was posted on the date cited in the key job details section and is anticipated to remain posted for 21 days from this date or less if not needed to fill the role. IBM will not be providing visa sponsorship for this position now or in the future. Therefore, in order to be considered for this position, you must have the ability to work without a need for current or future visa sponsorship. The compensation range and benefits for this position are based on a full-time schedule for a full calendar year. The salary will vary depending on your job-related skills, experience and location. Pay increment and frequency of pay will be in accordance with employment classification and applicable laws. For part time roles, your compensation and benefits will be adjusted to reflect your hours. Benefits may be pro-rated for those who start working during the calendar year. Job Title

IBM CISO

• Cybersecurity Forensic Analyst Date posted 28-May-2026 Job

ID 116174

City / Township / Village Austin State / Province Texas Country United States Work arrangement Hybrid Area of work Consulting Employment type Regular Contract type Regular Projected Minimum Salary per year 120,000.00 Projected Maximum Salary per year 224,000.00 Position type Professional Travel required No Travel Company (0147) International Business Machines Corporation Shift General (daytime) Is this role a commissionable/sales incentive based position? No