Identity Threat Detection & Response (ITDR) Consultant
Taguig City, Philippines
Posted Jun 30, 2026
**Introduction**
A career in IBM Consulting is built on long-term client relationships and close collaboration worldwide. You’ll work with leading companies across industries, helping them shape their hybrid cloud and AI journeys. With support from our strategic partners, robust IBM technology, and Red Hat, you’ll have the tools to drive meaningful change and accelerate client impact. At IBM Consulting, curiosity fuels success. You’ll be encouraged to challenge the norm, explore new ideas, and create innovative solutions that deliver real results. Our culture of growth and empathy focuses on your long-term career development while valuing your unique skills and experiences.
**Your role and responsibilities**
We're looking for an experienced ITDR/AD Consultant who will lead the operations and continuous improvement of the Identity Threat Detection and Response (ITDR) platform for the Active Directory environment. The consultant will ensure secure configuration, timely response to identity-related threats, and maintenance of a disaster recovery posture in line with business continuity and security standards.
* Serve as the SME and primary administrator of the ITDR platform, ensuring full operational integrity and optimization.
* Lead platform configuration and customization, such as domain controller integration, alerting logic, GPO compatibility, and baseline policy setup.
* Implement, tune, and validate detection rules, based on evolving TTPs and threat intelligence.
* Manage alert governance, suppression rules, watchlists, and relevance thresholds to reduce false positives and alert fatigue.
* Conduct daily/weekly system maintenance tasks.
* Oversee version upgrades, configuration change management, and rollback plans.
* Define integration requirements for SIEM, SOAR, and ticketing systems, ensuring seamless interaction between these platforms.
* Document all security, backup, and access control requirements for the ITDR platform.
* Coordinate with SOC, Threat Intel, and Incident Response for alert correlation and enrichment.
* Drive quarterly platform posture reviews, presenting detection effectiveness, coverage gaps, and tuning metrics.
* Maintain and author ITDR operational playbooks, SOPs, and tuning guidelines.
* Support audit readiness, compliance reviews, and internal stakeholder reporting.
**Required technical and professional expertise**
* 6+ years in cybersecurity with strong exposure to Active Directory security or Identity-centric threat detection.
* Hands-on experience administering and configuring security platforms or tools related to AD monitoring, identity threat detection, or security analytics.
* Deep understanding of Active Directory and Windows authentication mechanisms.
* Strong grasp of identity-based attack techniques and MITRE ATT&CK TTPs relevant to AD.
* Proficiency with SIEM or SOAR integrations and understanding of event correlation.
* Experience in security policy creation, technical documentation, and reporting.
* Experience with ITDR solutions such as Semperis is highly preferred. Familiarity with other similar platforms (e.g., SentinelOne Singularity Identity Posture Management, or equivalent) will also be considered a strong advantage.
**Preferred technical and professional experience**
Preferred Certifications
* GCWN, GDAD
* Any ITDR platform administration certification is a plus
* Identity and Access Management certifications
IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.