Introduction
A career in IBM Consulting is built on long-term client relationships and close collaboration worldwide. You'll work with leading companies across industries, helping them shape their hybrid cloud and AI journeys. With support from our strategic partners, robust IBM technology, and Red Hat, you'll have the tools to drive meaningful change and accelerate client impact. At IBM Consulting, curiosity fuels success. You'll be encouraged to challenge the norm, explore new ideas, and create innovative solutions that deliver real results. Our culture of growth and empathy focuses on your long-term career development while valuing your unique skills and experiences.
Your Role And Responsibilities
As a Security Specialist you will be the primary owner of the MDR/EDR ecosystem, specifically focusing on the CrowdStrike Falcon platform. You will ensure the health, integration, and operational efficiency of our endpoint defenses. This role acts as the critical link between our internal IBM Managed SOC Team and the CrowdStrike Falcon Complete team, ensuring that security policies are optimized, deployments are seamless, and high-priority threats are addressed with technical precision.
- Act as the primary technical point of contact for the CrowdStrike Falcon Complete team. Validate their findings, coordinate internal remediation efforts, and escalate critical incidents to leadership.
- Monitor the sensor health dashboard to identify and remediate inactive, outdated, or unauthorized agents.
- Conduct regular audits of global and group-level exclusions (machine learning, IOA, and sensor visibility exclusions). Work to minimize the blind spots created by legacy exclusions, paying particular attention to sensor visibility exclusions, which suppress telemetry for the excluded paths entirely, while tuning out false positives to improve SOC analyst productivity.
- Manage Falcon Fusion workflows and Real-Time Response (RTR) capabilities, including scoping RTR roles and auditing their use, since RTR grants remote command execution on endpoints.
- Configure and maintain prevention policies (e.g., machine learning detection and prevention levels, quarantine, exploit mitigation). Fine-tune exclusions to reduce noise while maintaining a high security posture.
- Develop monthly platform reports for leadership, detailing deployment gaps, prevented attacks, and overall Falcon Complete service usage.
- Own the end-to-end health of the Falcon platform, including sensor version lifecycle management (e.g., staged sensor update policies) and troubleshooting kernel-level sensor issues.
Preferred Education
Bachelor's Degree
Required Technical And Professional Expertise
- Deep technical experience managing CrowdStrike Falcon (Console management, policy grouping, and sensor troubleshooting)
- Strong understanding of Windows, Linux, and macOS system processes, the Windows registry, and file systems in order to analyze malware behavior.
- Solid grasp of how endpoints communicate with other cybersecurity tools such as SOAR/SIEM/EDR/MDR platforms and with the cloud, including the outbound firewall and proxy requirements for sensor-to-cloud telemetry (the Falcon sensor communicates with the CrowdStrike cloud over outbound TLS on port 443).
- Understanding of common attacker TTPs (Tactics, Techniques, and Procedures) to proactively tune prevention policies.
Preferred Technical And Professional Experience
- Experience forwarding Falcon telemetry to a SIEM such as IBM QRadar or a similar platform via the Falcon Event Streams API or other Falcon APIs.
- Proficiency in PowerShell or Python to automate sensor deployments or query the CrowdStrike Falcon API.
- Experience building automated playbooks to bridge the gap between endpoint alerts and SOC response.
- Familiarity with high-compliance environments (e.g., BSP requirements) and rigorous change management processes.