Security Operations Center Engineer
Job Description
At IBM Infrastructure & Technology, we design and operate the systems that keep the world running, from high-resiliency mainframes and hybrid cloud platforms to networking, automation, and site reliability. Our teams ensure the performance, security, and scalability that clients and industries depend on every day. Working in Infrastructure & Technology means tackling complex challenges with curiosity and collaboration. You’ll work with diverse technologies and colleagues worldwide to deliver resilient, future-ready solutions that power innovation. With continuous learning, career growth, and a supportive culture, IBM provides the opportunities to build expertise and shape the infrastructure that drives progress.

The SOC Engineering team is focused on advancing how security operations function—making detection and response faster, smarter, and more scalable. While SOC Operations handles real-time monitoring, this team engineers the systems, detections, and workflows that power effective security outcomes. As a Security Engineer – SOC Engineering, you’ll help build and optimize next-generation detection and response capabilities. Key areas include SIEM and detection engineering, automation, AI-driven security, telemetry integration, and analyst enablement.

What You’ll Do
· Manage and optimize SIEM platforms, including ingestion, parsing, correlation, and performance
· Build and tune high-quality detections across SIEM, EDR/XDR, cloud, identity, and network environments
· Improve signal quality, reduce false positives, and expand detection coverage
· Translate threat intelligence and incident learnings into actionable detections
· Troubleshoot data quality issues, telemetry gaps, and platform performance
· Partner with SOC Operations to improve workflows and response effectiveness
· Develop automation and orchestration for triage, investigation, and remediation
· Integrate security tools and data sources into a unified detection ecosystem
· Apply AI to enhance detection, triage, and analyst decision-making
· Establish detection governance and drive continuous improvement

Required Qualifications
· 4+ years of information security experience with strong knowledge of SIEM tools, including administration, configuration, and log analysis
· Hands-on experience with SIEM components such as building blocks, reference sets, flow data, and network hierarchies
· Broad understanding of security practices including risk management, vulnerability management, threat analysis, auditing, monitoring, and incident response
· Working knowledge of cloud computing, network protocols, and common information security standards/frameworks
· Strong communication skills, high integrity, and the ability to operate independently with sound judgment and professionalism

Preferred Qualifications
· 5+ years of information security experience
· CySA+, GCIH, GCIA, OSCP, CISSP or similar certification

United States | Consulting Professional | Multiple Cities