ollaboration and Consultation: Work alongside internal teams and client security staff to ensure remediation efforts are properly prioritized and executed.
Vulnerability Analysis: Analyze test results, identify root causes, and assist clients in creating practical solutions to mitigate risks.
Staying Current: Continuously research and stay updated on the latest security trends, attack vectors, tools, and techniques.
Skills and Expertise
At IBM, we believe cybersecurity is at the core of our clients' digital transformation journeys. Our Penetration Testing team is committed to proactively identifying and mitigating security risks in both on-premises and cloud-based environments. We’re looking for a highly skilled Penetration Tester to join our team, who will use their expertise to simulate cyberattacks, assess vulnerabilities, and enhance the overall security posture of our clients.
Your Role and Responsibilities
As a Penetration Tester at IBM, you will play a critical role in helping clients strengthen their cybersecurity defenses through comprehensive vulnerability assessments and ethical hacking techniques. Your responsibilities will include:
Conducting Penetration Tests: Perform thorough and systematic penetration testing on applications, networks, and infrastructure to identify security vulnerabilities.
Security Assessments: Identify weaknesses in security policies, procedures, and technologies by simulating real-world attacks.
Report Writing: Document findings clearly and concisely, providing actionable remediation advice for security gaps and risks.
Technical Knowledge: Proficient in penetration testing methodologies (OWASP, NIST, PTES), network security protocols, and a deep understanding of web application security and network vulnerabilities.
Tools Expertise: Familiar with penetration testing tools such as Burp Suite, Metasploit, Nessus, Nmap, Wireshark, and others.
Programming & Scripting Skills: Experience with scripting languages (e.g., Python, Bash, PowerShell, or Ruby) to automate tasks or develop custom exploits.
Experience in Exploit Development: Ability to identify and exploit vulnerabilities across different platforms and services (e.g., Windows, Linux, macOS, Web Applications, Cloud, etc.).
Risk Management: Ability to prioritize vulnerabilities based on risk to business operations and present findings to technical and non-technical stakeholders.
Certifications: Industry-recognized certifications such as Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), or GIAC Penetration Tester (GPEN) are highly desirable.
Communication Skills: Strong written and verbal communication skills to clearly articulate technical issues and findings to diverse audiences, including executives, IT teams, and developers.
Required Qualifications
Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field, or equivalent work experience.
3+ years of professional experience in penetration testing, ethical hacking, or cybersecurity assessments.
Hands-on experience with different attack techniques, threat modeling, and vulnerability assessment tools.
Preferred Qualifications
Master’s degree in Cybersecurity or a related field.
Expertise in securing cloud environments (AWS, Azure, GCP) and containerized applications.
Familiarity with DevSecOps principles and integration of security testing in CI/CD pipelines.
Experience with incident response and forensic investigations.