Okay, I'm going to take a slight divergence from the normal content of this blog to reach out to all of you, my loyal readers...according to Google Analytics, both of you. =D
Anyway, as you may or may not know, by day I am an incident analyst for the IBM ISS Emergency Response Services (ERS) team...and we're looking to expand. By that I mean add qualified members to our team. And not just here in the US, but also in Australia, AsiaPac, Japan, and EMEA.
So you're probably wondering what we do...good question. In short, we respond to incidents on an emergency basis. The basic idea is that we get a call from a current (or soon-to-be) customer and we triage the incident and deploy the necessary assets. Each team member has a jump kit of equipment, both hardware and software (plus tools of our own choosing), and we arrive on-site to assist the customer in resolving the incident, through incident management, data collection and analysis, and pretty much whatever else we need to do. In many cases, we collect data and return to the lab to perform analysis.
We also do Visa PCI forensic audits. In addition, we have subscription customers that we service with on-site visits, training, CSIRP development, mock incidents, etc.
Of course, there's all the other stuff that goes along with this kind of work...report writing, keeping track of expenses and billable hours. I guess a lot of that is to be expected, but I thought I'd mention it anyway.
So what we're looking for is someone with experience in incident response (beyond just running an AV scanner, or just wiping the drive...), volatile data collection and analysis, forensic acquisition and analysis, documentation and justification of activities, reporting, and customer interface. All of these things are important in what we do.
If you think that this is something you'd be interested in, please feel free to send me a copy of your resume here or here.
Finally, this is NOT a sub-contractor opportunity...this is a full-time employment position.
3 comments:
I've been a silent reader of your blog for a while now and I didn't know you were a fellow IBMer. I'm in Tivoli Services implementing TSOM, TCIM and TSIEM. Head over to http://xavier.ashe.com if you need another feed in your blogroll.
It's good to know that ISS is still growing. You guys do great work.
Xavier,
Thanks for dropping by...nice blog, by the way, really enjoyed reading through it. I'll definitely add it to my list...
PS you will also get to work with me, the famous Cory Altheide.