Security Operations Center – L2 Threat Responder
Join Security Operations Center – L2 Threat Responder role at Kyndryl.
Who We Are
At Kyndryl, we design, build, manage and modernize the mission‑critical technology systems that the world depends on every day. We are always moving forward – always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities.
The Role
The security delivery supports clients in managing their Security Operations and protecting their environments to mitigate security risks (e.g., insider and external threats, intentional and accidental). The position is for an experienced security professional with demonstrated experience within Security Operations, Threat Detection & Response, Security Intelligence, CSM (Continuous Security Monitoring) within the SOC operations environment.
Key Responsibilities
Work in a 24/7 Global SOC Team
Conduct preliminary incident triage according to the Security Incident Management Triage Matrix and set the priority, provide analysis, determine, track remediation, and escape as appropriate.
Utilize intrusion detection, security scanning, security log collection, content filtering, and other security related systems to perform triage and investigation and incident response.
Lead investigations and conduct deep analysis of security events focused on rapid containment, remediation, and mitigation.
Lead in the detection, triage, analysis and response to cyber‑attacks.
Provide insight and expertise to examine malicious code (malware), attack vectors, network communication methods, analyze threats against target systems and networks, determine target network capabilities and vulnerabilities.
Training and mentoring Level 1 peers to improve SOC Analyst capability.
Provide support for security incidents coordination with SOAR platform, providing recommendations for next steps and/or containment activities, by using different communication means.
Ensure the SOC team documentation is up to date, including investigation Playbooks and Standard Operating Procedures as well as incidents have current notes related to investigation steps which were performed.
Cooperate with other Security Analysts and different teams, including Threat Hunting, Threat Intelligence, Red Team, Perimeter Protection in order to improve the SOC monitoring and defense capabilities.
Categorization and prioritization of security incidents
Looking for the correlation between various security events
Your Future at Kyndryl
Every position at Kyndryl offers a way forward to grow your career, from Junior System Administrator to Architect. We have opportunities for Cloud Hyperscalers that you won’t find anywhere else, including hands‑on experience, learning opportunities, and the chance to certify in all four major platforms. One of the benefits of Kyndryl is that we work with clients in a variety of industries, from banking to retail. Whether you want to broaden your knowledge base or narrow your scope and specialize in a specific sector, you can find your opportunity here.
Who You Are
You’re good at what you do and possess the required experience to prove it. Equally as important – you have a growth mindset; keen to drive your own personal and professional development. You are customer‑focused – someone who prioritizes customer success in their work. And finally, you’re open and borderless – naturally inclusive in how you work with others.
Required Technical and Professional Expertise
Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or other related fields, from an accredited university. Equivalent professional experience can be used in lieu of a degree.
Security analyst experience, preferably in a managed services environment.
Proven experience with operations using commonly used information security solutions (with focus on XSIAM and Sentinel)
Proven technology knowledge of Windows, Active Directory, Linux, SIEM Solutions, Antivirus software, Proxy.
Experience in Cloud Security monitoring and in advanced analytics (UEBA)
Knowledge of the most common and used frameworks (E.g., NIST CSF, ISO2700x, CMM SOC, etc.)
Sound experience on programming languages: Python and/or R and/or PowerShell
Experience in REST API interfaces to support data collection or integration.
Proven knowledge of current security threats, techniques, and landscape, and a dedicated and self‑driven desire to research and learn more about the information security landscape.
Review and triage experience with endpoint detection and response tools
Experience and knowledge related to the configuration and maintenance of security monitoring and reporting platforms.
Strong analytical skills, decision making, being able to work under time pressure, cooperating with other people and using the escalation processes when necessary.
Experience in technical Team coordination/management would be a plus.
Fluent English (written and spoken).
Strong critical thinking and analytical skills and ability to think “out of the box” required.
Must be able to work independently or with a team, under minimum supervision.
Preferred Technical and Professional Experience
MBA or master’s degree
CompTIA Security+, GIAC Security Essentials Certification (GSEC), SIEM & EDR Foundation certificates.
Microsoft, Palo Alto, SANS.org security certifications related to SIEM, EDR products and operations (e.g., Microsoft AZ‑500)
A minimum of 2 years hands‑on experience with one or more of the following areas:
Operation and Implementation of SIEM solutions including XSIAM and Microsoft Sentinel.
Operation and Implementation of Security Automation solutions including thorough knowledge of SOAR (Security Orchestration Automation & Response) technologies.
Design and Implementation of Monitoring strategy including defining data sources monitoring based on clients’ business, knowledge of MITRE Frameworks (ATT&CK, D3FEND), and familiarity with Cyber Kill Chain.
Design and Implementation of Configuration Governance solutions including operationalizing ongoing security configuration governance service using SOC standard methodologies, metrics, KPIs, KRIs, Operational Procedures.
Cyber Network Operations/Penetration Test Methodologies and tools like Metasploit, Kali Linux, Cobalt Strike etc.
Being You
Diversity is a whole lot more than what we look like or where we come from; it’s how we think and who we are. We welcome people of all cultures, backgrounds, and experiences. Our Kyndryl Inclusion Networks are one of many ways we create a workplace where all Kyndryls can find and provide support and advice. This dedication to welcoming everyone into our company means that Kyndryl gives you – and everyone next to you – the ability to bring your whole self to work, individually and collectively, and support the activation of our equitable culture. That’s the Kyndryl Way.
What You Can Expect
With state‑of‑the‑art resources and Fortune 100 clients, every day is an opportunity to innovate, build new capabilities, new relationships, new processes, and new value. Kyndryl cares about your well‑being and prides itself on offering benefits that give you choice, reflect the diversity of our employees and support you and your family through the moments that matter – wherever you are in your life journey. Our employee learning programs give you access to the best learning in the industry to receive certifications, including Microsoft, Google, Amazon, Skillsoft, and many more. Through our company‑wide volunteering and giving platform, you can donate, start fundraisers, volunteer, and search over 2 million non‑profit organizations. At Kyndryl, we invest heavily in you, we want you to succeed so that together, we will all succeed.
Get Referred!
If you know someone that works at Kyndryl, when asked ‘How Did You Hear About Us’ during the application process, select ‘Employee Referral’ and enter your contact’s Kyndryl email address.
Seniority level
Mid‑Senior level
Employment type
Full‑time
Job function
Project Management, Information Technology, and Customer Service
IT Services and IT Consulting
Referrals increase your chances of interviewing at Kyndryl by 2x
#J-18808-Ljbffr