**Who We Are** At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward – always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities. **The Role** **Key Responsibilities** **1. Security Incident Handling (L3 Technical Expertise)** + Investigate and resolve **escalated security incidents** from L1 and L2 analysts, ensuring thorough analysis and timely closure. + Perform **deep-dive forensic analysis** , including log correlation, network traffic inspection, and endpoint artifact review. + Conduct **Root Cause Analysis (RCA)** for critical and high-severity incidents and contribute to post-incident reviews. + Analyze and validate alerts from **SIEM, EDR, DLP, Email Security, and Cloud Security tools** to differentiate true positives from false positives. + Collaborate with specialized SMEs (EDR, DLP, Email Security, Threat Intel) for **multi-vector incident correlation and resolution** . + Provide recommendations for **containment, eradication, and recovery** aligned with incident response playbooks. **2. SIEM Management and Detection Optimization** + Monitor the **health, performance, and availability** of SIEM infrastructure and connected security sensors. + Review and fine-tune **SIEM correlation rules, parsing logic, and use cases** to enhance detection quality and reduce noise. + Work with **content developers** to onboard new log sources, develop advanced detection logic, and automate response workflows. + Coordinate with **OEM vendors or platform teams** for SIEM upgrades, patching, or issue remediation. + Provide feedback on **detection efficacy, false positives, and rule optimization** to continuously improve SOC performance. **3. Shift Management & Incident Command** + Act as **Incident Manager for the assigned shift** , ensuring effective management of all ongoing incidents. + Supervise and coordinate the shift team (L1 and L2 analysts), ensuring SLA adherence and effective escalation handling. + Conduct **shift handover meetings** , ensuring smooth transition and operational continuity across shifts. + Maintain **accurate shift logs** , incident records, and performance metrics in ITSM tools (e.g., **ServiceNow** , Remedy). + Escalate unresolved or critical issues promptly to the **SOC Manager, CDC Head, or CIRT team** as per escalation matrix. + Track and report key shift KPIs, including response times, escalation trends, and incident closure rates. **4. Governance, Documentation & Continuous Improvement** + Maintain **RCA documentation** , **shift activity logs** , and **incident metrics** for internal and external reporting. + Participate in **governance forums** , **post-incident reviews** , and **lessons-learned sessions** to drive process enhancements. + Review and refine **Incident Response (IR) procedures** , **runbooks** , and **SOAR playbooks** to align with best practices. + Contribute to **audits, compliance reviews, and reporting** as required by internal or regulatory requirements. **5. Team Development & Knowledge Management** + Guide and mentor **L1 and L2 analysts** during investigations, triage, and incident handling activities. + Conduct **technical training sessions** , tabletop exercises, and knowledge-sharing workshops. + Contribute to the **SOC knowledge base** by documenting use cases, playbooks, and threat-handling procedures. + Support the SOC Manager in developing **skill development roadmaps** and assessing team competencies. **6. Collaboration & Stakeholder Engagement** + Coordinate closely with **SIEM Engineers** , **SOAR Developers** , and **SOC Content Teams** to enhance detection and automation. + Work with **Threat Intelligence** , **Vulnerability Management** , and **Incident Response** teams to align detection logic with the threat landscape. + Support cross-functional teams during **major incidents** or **security crisis scenarios** , ensuring consistent communication and command. **Who You Are** + **8+ years** of experience in **Security Operations, Incident Response, or Cyber Defense** , with at least **3 years at L3 or leadership level** . + Strong hands-on expertise in: + **SIEM technologies** (Microsoft Sentinel, Splunk, QRadar, ArcSight, etc.) + **Endpoint Detection & Response (EDR)** tools (Defender for Endpoint, CrowdStrike, etc.) + **DLP, Email Security, and Cloud Security platforms** + **Threat hunting** , **forensics** , and **malware analysis techniques** + Solid understanding of **network protocols, attack vectors, MITRE ATT&CK framework** , and **incident lifecycle** . + Experience using **ITSM tools** (ServiceNow, Remedy) for ticket and incident workflow management. + Strong analytical and investigative skills for **complex threat correlation and RCA documentation** . + Excellent verbal and written communication skills, particularly during major incident handling. **Being You** Diversity is a whole lot more than what we look like or where we come from, it’s how we think and who we are. We welcome people of all cultures, backgrounds, and experiences. But we’re not doing it single-handily: Our Kyndryl Inclusion Networks are only one of many ways we create a workplace where all Kyndryls can find and provide support and advice. This dedication to welcoming everyone into our company means that Kyndryl gives you – and everyone next to you – the ability to bring your whole self to work, individually and collectively, and support the activation of our equitable culture. That’s the Kyndryl Way. **What You Can Expect** With state-of-the-art resources and Fortune 100 clients, every day is an opportunity to innovate, build new capabilities, new relationships, new processes, and new value. Kyndryl cares about your well-being and prides itself on offering benefits that give you choice, reflect the diversity of our employees and support you and your family through the moments that matter – wherever you are in your life journey. Our employee learning programs give you access to the best learning in the industry to receive certifications, including Microsoft, Google, Amazon, Skillsoft, and many more. Through our company-wide volunteering and giving platform, you can donate, start fundraisers, volunteer, and search over 2 million non-profit organizations. At Kyndryl, we invest heavily in you, we want you to succeed so that together, we will all succeed. **Get Referred!** If you know someone that works at Kyndryl, when asked ‘How Did You Hear About Us’ during the application process, select ‘Employee Referral’ and enter your contact's Kyndryl email address. Kyndryl is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, pregnancy, disability, age, veteran status, or other characteristics. Kyndryl is also committed to compliance with all fair employment practices regarding citizenship and immigration status.