Job Description

IBM X-Force IRIS offers assistance and advice to our clients whenever they have an incident. We help our clients identify, contain and control the threats and enable them to return to business-as-usual as efficiently and effectively as possible.

We needs talented people with technical skills and experience. But we also need people who have a level of client engagement and liaison skill. People who are able to work within a team that is spread across almost every region of Europe and are willing to travel on short notice to help our clients when they need us most.

What we do...


• Incident Response Planning

• Table Top Exercises

• First Responder Training

• Incident Response Playbook Design, Assessment & Review


• Tactical Threat Monitoring

• Threat Hunting


• Incident Response Management

• Incident Response


• Digital Forensics (Log, host, memory, network and traffic)

• Threat Intelligence

Required Personal Skills

• Analytical techniques, critical thinking and problem-solving skills.

• Effective interpersonal skills.

• Strong formal communication skills, both written and oral.

• Effective time management, organisational and continual re-prioritisation skills.

• Ability to effectively collaborate and operate within a team as well as independently.

• Ability to quickly adapt to new technologies and learn new techniques.

• Strong work ethic, self-motivated and reliable, with demonstrable professional conduct to the level expected from a 'trusted advisor'.

Required Technical and Professional Expertise

• IT security and investigations.

• Practical experience of NIST SP 800-61 or similar methodologies.

• Working within teams of investigators on large scale, diverse and complex investigations.

• Proficient in technical writing and verbal communication.

• Experience of contributing to IT Security projects. and a broad understanding of protecting and monitoring enterprise IT.

• Ability to recognise and deal appropriately with potentially confidential and sensitive information.

• Awareness of relevant legislation and familiarity with working within EU and international legislative and regulatory frameworks.

Preferred Tech and Prof Experience

• Ability to collaborate on multiple ongoing priority incidents and projects.

• Presentation skills, able to articulate and present to a broad audience from technical experts to the board room.

• Detailed knowledge of current forensic and IR tools, techniques and procedures (TTPs) with an understanding of underlying principles such as 'Chain of Custody'.

• Awareness of current and emerging targeted threat intrusion scenarios.

• Working with SOC, digital forensic or incident response operations.

• Open source intelligence (OSINT) and research ethics and techniques.

• Risk and threat assessment techniques and taxonomies such as Kill Chain analysis, Diamond Model and STIX.

EO Statement

IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.