Security Operations Center Engineer
Listed on 2026-06-14
IT/Tech
Cybersecurity
Introduction
At IBM Infrastructure & Technology, we design and operate the systems that keep the world running. From high‑resiliency mainframes and hybrid cloud platforms to networking, automation, and site reliability, our teams ensure the performance, security, and scalability that clients and industries depend on every day. Working in Infrastructure & Technology means tackling complex challenges with curiosity and collaboration. You’ll work with diverse technologies and colleagues worldwide to deliver resilient, future‑ready solutions that power innovation.
With continuous learning, career growth, and supportive culture, IBM provides opportunities to build expertise and shape the infrastructure that drives progress.
The SOC Engineering team is focused on advancing how security operations function—making detection and response faster, smarter, and more scalable. While SOC Operations handles real‑time monitoring, this team engineers the systems, detections, and workflows that power effective security outcomes.
As a Security Engineer – SOC Engineering, you’ll help build and optimize next‑generation detection and response capabilities. Key areas include SIEM and detection engineering, automation, AI‑driven security, telemetry integration, and analyst enablement.
- Manage and optimize SIEM platforms, including ingestion, parsing, correlation, and performance
- Build and tune high‑quality detections across SIEM, EDR/XDR, cloud, identity, and network environments
- Improve signal quality, reduce false positives, and expand detection coverage
- Translate threat intelligence and incident learnings into actionable detections
- Troubleshoot data quality issues, telemetry gaps, and platform performance
- Partner with SOC Operations to improve workflows and response effectiveness
- Develop automation and orchestration for triage, investigation, and remediation
- Integrate security tools and data sources into a unified detection ecosystem
- Apply AI to enhance detection, triage, and analyst decision‑making
- Establish detection governance and drive continuous improvement
Bachelor's Degree
Required Technical And Professional Expertise
- 4+ years of information security experience with strong knowledge of SIEM tools, including administration, configuration, and log analysis
- Hands‑on experience with SIEM components such as building blocks, reference sets, flow data, and network hierarchies
- Broad understanding of security practices including risk management, vulnerability management, threat analysis, auditing, monitoring, and incident response
- Working knowledge of cloud computing, network protocols, and common information security standards/frameworks
- Strong communication skills, high integrity, and the ability to operate independently with sound judgment and professionalism
- 5+ years of information security experience
- CYSA+, GCIH, GCIA, OSCP, CISSP or similar certification