Application Security Consultant

Introduction Introduction At IBM, work is more than a job - it's a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you've never thought possible. To lead in this new era of technology and solve some of the world's most challenging problems. Your Role and Responsibilities IBM Security is looking for an experienced Application Security Specialist for Senior Security Consultant roles to lead and drive a variety of engagements for some of our most important Clients. The successful candidate will perform application security assessments, code reviews, and Software Development Life Cycle (SDLC) security, Secure DevOps consulting in a customer environment. The candidate will be responsible for identifying specific and systemic security issues within applications and the application development and lifecycle maintenance process and will also be a resource for the client in establishing and expanding the base of client knowledge in the area of application security. Projects may include: Performing DevOps tool integration, configuration for SecDevOps Performing code review across a variety of programming languages Performing assessments of SDLC processes Developing testing scripts and procedures Developing and delivering application security training and outreach Creating gap analysis and client improvement program recommendations Other security-related projects that may be assigned according to skills Candidates must have demonstrated experience in successfully completing tasks and delivering professionally written reports for clients. Must have the ability to present findings to technical staff and executives. This promises a fast-paced environment with innovative thinking right at its heart, with a broad range of industries and challenges on offer. IBM Security Services has a global security team of professionals, and we're expanding our services to meet the increase in demand we are seeing across all sectors of industry. Working for IBM you'll be dealing with end-to-end security, with an incredibly varied portfolio that aims to provide and deliver a holistic approach for Security Services . Be able to: Work unsupervised to deliver client engagements or provide support to as part of a larger team. Build, manage and drive client relationships, becoming a long term trusted advisor for all security matters. Drive innovation and improvement to our existing contracts and offerings to ensure that we are continuously improving. Understanding of wider context of client / contract within both IBM security and the wider business. Will work with other business lines to provide cross-functional solutions. Required Technical and Professional Expertise Experience in IT and / or software development Basic knowledge in common application code review methods and standards Basic knowledge in application developing and coding in modern languages Basic knowledge in OWASP tools and methodologies Basic knowledge in and understanding of HTTP and web programming Basic knowledge in common enabling application security requirements Basic knowledge in standard Software Development Life Cycle (SDLC) practices Container and DevOps experience or solid understanding Preferred Technical and Professional Expertise A successful candidate will likely possess some or all of these qualifications as well: Experience with web application development (e.g. ASP.NET, ASP, PHP, J2EE, JSP) Application security experience with high level programming languages (e.g. Java, C, C++, .NET (C#, VB)) Experience in software development projects Understanding of threat modelling and security risk assessment Understanding of vulnerability scanning tools (e.g. Qualys, Nessus, Nexpose, Saint) Knowledge and understanding of web application vulnerability scanning tools (e.g. IBM AppScan, HP, Webinspect, Accunetix, NTO Spider, Burpsuite Pro) Experience with static analysis tools (e.g. IBM Appscan Source, HP Fortify) Familiarity with interactive and automated penetration testing OSCP, CEH, OSWE, OSCE, CSSLP or similar certification About Business Unit IBM is a leading provider of enterprise security solutions. Named by industry analysts as a leader in 12 security market segment categories, IBM Security is a multi-billion dollar business that is rapidly growing. In an industry focused on building walls, IBM Security is focused on creating an open, connected security ecosystem that leverages AI and cloud to help clients improve compliance, stop threats, and grow their business securely. Join our global team of IBM Security employees in protecting the world, and helping our clients thrive in the face of cyber uncertainty. Your Life IBM What matters to you when you're looking for your next career challenge? Maybe you want to get involved in work that really changes the world. What about somewhere with incredible and diverse career and development opportunities - where you can truly discover your passion? Are you looking for a culture of openness, collaboration and trust - where everyone has a voice? What about all of these? If so, then IBM could be your next career challenge. Join us, not to do something better, but to attempt things you never thought possible. Impact. Inclusion. Infinite Experiences. Do your best work ever. About IBM IBM's greatest invention is the IBMer. We believe that progress is made through progressive thinking, progressive leadership, progressive policy and progressive action. IBMers believe that the application of intelligence, reason and science can improve business, society and the human condition. Restlessly reinventing since 1911, we are the largest technology and consulting employer in the world, with more than 380,000 IBMers serving clients in 170 countries Location Statement For additional information about location requirements, please discuss with the recruiter following submission of your application. Being You IBM IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.