Security Consultant - UEBA Platform Engineering & Ops

Overview

A career in IBM Consulting is rooted by long-term relationships and close collaboration with clients across the globe.

You'll work with visionaries across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. Your ability to accelerate impact and make meaningful change for your clients is enabled by our strategic partner ecosystem and our robust technology platforms across the IBM portfolio; including Software and Red Hat.

Curiosity and a constant quest for knowledge serve as the foundation to success in IBM Consulting. In your role, you'll be encouraged to challenge the norm, investigate ideas outside of your role, and come up with creative solutions resulting in ground breaking impact for a wide network of clients. Our culture of evolution and empathy centers on long-term career growth and development opportunities in an environment that embraces your unique skills and experience

Your Role And Responsibilities

A UEBA (User and Entity Behavior Analytics) Administrator is a cybersecurity professional responsible for deploying, configuring, maintaining, and optimizing UEBA solutions to detect and respond to anomalous user and entity behavior within an organization's network. This role is crucial in identifying insider threats, compromised accounts, and sophisticated attacks that might bypass traditional security measures.

• Key Responsibilities The UEBA Administrator's responsibilities: * Deployment and Configuration: * Installing and setting up UEBA platforms and related components.
• Integrating UEBA solutions with various data sources (e.g., SIEM, Active Directory, network devices, applications, cloud services, endpoint logs) to ensure comprehensive data ingestion.
• Defining and configuring behavioral baselines for users and entities, utilizing machine learning algorithms. * Monitoring and Analysis: * Continuously monitoring UEBA dashboards and alerts for deviations from established baselines.
• Analyzing anomalous activities to determine their risk level and potential impact.
• Investigating security incidents triggered by UEBA alerts, collaborating with SOC teams and other security personnel.
• Performing threat hunting activities using UEBA insights to proactively identify hidden threats. * Rule and Policy Management: * Developing, refining, and implementing correlation rules and policies within the UEBA platform to enhance threat detection accuracy.
• Tuning the system to minimize false positives and ensure high-fidelity alerts.
• Automating response actions where appropriate, such as locking accounts or blocking access. * System Maintenance and Optimization: * Performing regular health checks, upgrades, and patching of the UEBA infrastructure.
• Optimizing the performance and efficiency of the UEBA solution.
• Documenting configurations, procedures, and incident response playbooks related to UEBA. * Reporting and Compliance: * Generating reports on user and entity behavior, detected anomalies, and security posture.
• Assisting with compliance requirements by providing data and insights from UEBA.
• Staying updated with the latest threat landscape and UEBA capabilities.-------------------
  
  

Bachelor's Degree

Required Technical And Professional Expertise

• Required Skills and Qualifications * Technical Expertise: * Strong understanding of UEBA concepts: How machine learning and behavioral analytics are applied to security.
• Proficiency with UEBA platforms: Experience with leading UEBA solutions (e.g., Gurucul UEBA, Splunk UEBA, Exabeam, Fortra, Microsoft Sentinel UEBA, IBM QRadar UEBA).
• Networking Knowledge: Understanding of network protocols, traffic analysis, and common attack vectors.
• Operating Systems: Familiarity with Windows, Linux, and other relevant operating systems.
• Security Information and Event Management (SIEM): Experience with SIEM tools and their integration with UEBA.
• Data Analysis: Ability to work with large datasets, perform data correlation, and extract meaningful insights.
• Scripting/Automation: Knowledge of scripting languages (e.g., Python, PowerShell) for automation and data manipulation is a plus.
• Cloud Security: Understanding of cloud environments and their unique security challenges if applicable. * Analytical Skills: * Critical Thinking: Ability to analyze complex data and identify subtle behavioral anomalies.
• Problem-Solving: Aptitude for troubleshooting and resolving issues related to UEBA systems and security incidents.
• Attention to Detail: Meticulous approach to configuring systems and investigating alerts. * Soft Skills: * Communication: Excellent written and verbal communication skills to articulate technical concepts and findings to both technical and non-technical stakeholders.
• Teamwork: Ability to collaborate effectively with SOC analysts, incident response teams, and other IT departments.
• Continuous Learning: Eagerness to stay abreast of evolving cybersecurity threats and technologies. * Qualifications: * Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field.
  
  

3-5 yrs exp in managing Gurucul UEBA Platform Administration & Ops

Relevant industry certifications (e.g., CompTIA Security+, Certified Ethical Hacker (CEH), GSEC, vendor-specific UEBA certifications) are highly advantageous. Proven experience in a security operations center (SOC) or a similar cybersecurity role.