At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward - always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities.
The Role
Key Responsibilities
You are the guardian of the digital world, standing at the front lines of cyber defense. Every day, you will hunt down emerging threats, using the power of AI, machine learning, and cutting-edge tools to stay ahead of attackers. When incidents strike, you will take command, leading rapid response efforts to contain breaches, minimize impact, and ensure businesses remain resilient.
But you won't just react--you will revolutionize security operations, crafting automated workflows that eliminate inefficiencies and strengthen defenses. Your expertise will shape the future, as you advise clients on cybersecurity best practices, compliance frameworks like NIST and risk mitigation strategies that fortify their enterprises.
With an eye on the horizon, you will pioneer innovation, implementing the latest in Threat Intelligence, cloud security, Zero Trust, AI-driven protection, and OT/IoT security. And you won't do it alone--you will collaborate with elite teams, working alongside SOCs, vendors, and clients to build an unbreakable security posture.
Further responsibilities:
Cybersecurity Maturity Assessments (CMM): Lead cybersecurity maturity assessments based on industry frameworks (NIST CSF, MITRE ATT&CK, ISO 27001, CIS, CMMC). Measure and assess the maturity of clients' security operations center (SOC). Review/interview sessions begin by covering the assessment domains and will be conducted concurrently with SMEs. SMEs will review, consolidate, compare and produce recommendations to improve maturity levels based on identified gaps and industry standards. Findings from the SMEs' assessment will be communicated to the stakeholders in a written report based on the results of the analysis, providing improvement recommendations.
Provide strategy for Digital Risk Protection: Provide protection, brand intelligence, and disruption to dismantle external threats to brands, people, assets, and data across the public attack surface.
Geopolitical and Vertical Threats: Provide trending threats that could be impacting a focused industry and region of business operations.
Advise on Client Value and Security Posture Management: Providing clients with timely, relevant intelligence improves their security posture and demonstrates a commitment to their cybersecurity needs. Clients benefit from access to cutting-edge threat intelligence, enhancing their trust in the services provided.
On-Demand Threat Intelligence search: Provide activity or information that is based on a specific use case and/or active or past activity that has affected the organization.
Lead approach for Threat Intelligence Infrastructure Management: Maintaining the infrastructure required for collecting, storing, processing, and disseminating threat intelligence involves hardware, software, and cloud services.
Threat Intelligence platform management: Support and manage alerts, tickets and investigations. Policy Alerting.
Technical Integration and Intelligence Gathering Approach: Provide a strategy and technical approach to Threat Intelligence Integration. This integration with SIEM/SOAR systems enables automated alerts and reduces detection times. This includes threat feeds/threat intelligence data lakes. Collect and monitor threat intelligence from various sources, including threat feeds, databases, and open-source intelligence.
Informed Incident Response: During an active incident, threat intelligence provides context about the attacker's methods and objectives. This allows for faster containment, eradication, and recovery, minimizing potential damage and downtime.
Incident Response and Management: Efficient incident response capabilities, including well-defined procedures, automated response tools, and forensic analysis, are crucial for minimizing the impact of security breaches.
Integrating threat intelligence into SOC workflows ensures that analysts are equipped with the tools to combat both current and future threats effectively.
Reporting: Prepare and present detailed reports on threat intelligence findings to stakeholders, including recommendations for mitigating risks.
Collaboration: Work closely with other security teams, such as incident response and vulnerability management, to ensure a coordinated approach to threat mitigation.
Liaison: Develop and maintain relationships with external threat intelligence partners/integrators, including law enforcement and other organizations, to enhance threat intelligence capabilities.
Continuous Improvement: Stay updated on the latest cyber threats, trends, and best practices to continuously improve the organization's threat intelligence program.
Open and dark web analysis and response: Complete protection, monitoring, and analysis across a broad range of deep and dark web sites, forums, and messaging platforms.
Collaboration and Sharing: Ensure curated intelligence across SOCs via feeds promotes collaboration and collective defense against common threats. This collective intelligence approach leverages the knowledge and experience of all SOCs to create a more resilient security posture.
Threat Intelligence Lifecycle Management: Provide management approach and activities; planning, collecting, analyzing, processing, disseminating, and feedback. Transition from reactive to proactive defense cybersecurity strategy with actionable threat intelligence.
Reporting: Enables creation of reports and presentations that communicate the organization's cybersecurity posture in terms of risk exposure and the effectiveness of security measures for executive management and the board of directors.
Capabilities:
Enhanced Threat Detection: Provide a strategy and capability plan for leveraging threat intelligence. With Indicators of Compromise (IOCs) and other threat data, SOC analysts can identify suspicious activities in real time.
Advanced Threat Detection Technologies: Provide a strategy for high-performing SOCs to leverage threat intelligence from advanced threat detection technologies such as Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and behavioral analytics to identify potential security incidents before they can cause significant harm.
Proactive Threat Hunting: Provide a strategy for SOC teams to use threat intelligence to hunt for hidden or dormant threats within their network. With enriched data about adversaries' tactics, techniques, and procedures (TTPs), analysts can preemptively identify and neutralize vulnerabilities before they are exploited. Leveraging curated threat intelligence helps detect threats earlier and respond more effectively, minimizing potential damage. This includes identifying and neutralizing threats before they can exploit vulnerabilities within the infrastructure.
Prioritized Response and Risk Assessment: Threat intelligence helps in prioritizing alerts by identifying high-risk threats that demand immediate action, streamlining response efforts and reducing alert fatigue. Evaluate the potential impact of identified threats on the organization and prioritize them based on their severity.
Strategic Decision-Making: Decision-makers rely on threat intelligence to allocate resources effectively. Whether investing in new tools or refining existing protocols, the insights gleaned from threat intelligence drive smarter security strategies.
Real-Time Threat Monitoring and Analysis: Continuous monitoring allows for the immediate detection of suspicious activities, while comprehensive analysis helps in understanding the context and potential impact of these activities. Proactively analyze threats that pose risks to the organization, including its employees, assets, and operations.
Who You Are
You are a highly skilled cybersecurity professional with expertise in threat intelligence, security automation, and incident response. You have a strong analytical mindset, a passion for cyber defense innovation, and the ability to communicate complex security concepts to both technical and non-technical audiences.
Required Skills & Experience
5+ years of experience in cybersecurity consulting, threat intelligence, and security automation.
Cybersecurity Maturity Models (CMM): Expertise in NIST CSF, MITRE ATT&CK, CIS Controls, CMMC, and other security frameworks.
Strong knowledge of risk management, security frameworks (NIST, RMF, etc.), and compliance standards.
Hands-on experience with AI, machine learning, and automation in cybersecurity operations.
Proven ability to detect, analyze, and mitigate cyber threats in a global enterprise environment.
Experience working with Security Operations Centers (SOCs) and cybersecurity tools.
Excellent communication, collaboration, and problem-solving skills.
Experience conducting security and risk assessments using security frameworks (e.g., NIST, RMF, Common Criteria).
Preferred Skills & Certifications
GIAC Cyber Threat Intelligence (GCTI): Validates knowledge in strategic, operational, and tactical CTI.
Certified Threat Intelligence Analyst (CTIA): Focuses on frameworks and procedures for threat intelligence.
Experience with open-source threat intelligence search tools and dark web/OSINT.
Advanced certifications (e.g., CISSP, CISM, CEH).
Experience with cloud security, cyber resiliency, and Zero Trust architecture.
Strong leadership and project management capabilities.
Your Future at Kyndryl
At Kyndryl, you'll be part of a global team of cybersecurity innovators, working with cutting-edge technology to safeguard digital assets. With continuous learning opportunities, career growth support, and high-impact projects, you'll play a key role in shaping the future of cybersecurity.
Being You
Diversity is a whole lot more than what we look like or where we come from, it's how we think and who we are. We welcome people of all cultures, backgrounds, and experiences. But we're not doing it single-handedly: Our Kyndryl Inclusion Networks are only one of many ways we create a workplace where all Kyndryls can find and provide support and advice. This dedication to welcoming everyone into our company means that Kyndryl gives you - and everyone next to you - the ability to bring your whole self to work, individually and collectively, and support the activation of our equitable culture. That's the Kyndryl Way.
What You Can Expect
With state-of-the-art resources and Fortune 100 clients, every day is an opportunity to innovate, build new capabilities, new relationships, new processes, and new value. Kyndryl cares about your well-being and prides itself on offering benefits that give you choice, reflect the diversity of our employees and support you and your family through the moments that matter - wherever you are in your life journey. Our employee learning programs give you access to the best learning in the industry to receive certifications, including Microsoft, Google, Amazon, Skillsoft, and many more. Through our company-wide volunteering and giving platform, you can donate, start fundraisers, volunteer, and search over 2 million non-profit organizations. At Kyndryl, we invest heavily in you, we want you to succeed so that together, we will all succeed.
Get Referred!
If you know someone that works at Kyndryl, when asked 'How Did You Hear About Us' during the application process, select 'Employee Referral' and enter your contact's Kyndryl email address.