IBM

At IBM, work is more than a job – it’s a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you’ve never thought possible. Are you ready to lead in this new era of technology and solve some of the world’s most challenging problems? If so, lets talk.

Your Role and Responsibilities

IBM Security Architects come from many far-ranging disciplines; from networking, system administration, DevSecOps, system engineering, sys admins, security analysts, or software development leaders. IBM Cloud Security architects can come from highly skilled admins with experience across the datacenter and Cloud. Are you ready to take your years of skills and experience with Linux, containers, networking, system-based security measures, and enterprise tools and bring that experience to designing and architecture work. Have you seen the impacts of intrusions, dealt with the month’s long deployments of security tools and the impacts of those deployments? IBM Cloud Security Architects is where you can apply those experiences to create the architecture and designs to thwart the next round of attackers.

Required Technical and Professional Expertise

-              Working knowledge of public and private cloud environments (IBM Cloud, AWS, Azure, or GCP).

-              Understanding of cloud-native services (containers, Kubernetes, serverless, PaaS, IaaS).

-              Familiarity with cloud security domains:

o   Identity and Access Management (IAM)

o   Cryptography (algorithms, PKI, certificates and ciphers)

o   Secure networking (VPC architecture, WAF, CDN, firewall , security groups, protocols, Zero Trust)

o   Storage Solutions (Block, file, and object storage with appropriate protocols)

o Monitoring and auditing cloud resources

- Understanding of regulatory frameworks and compliance standards relevant to cloud services (e.g., NIST 800-53, FedRAMP, PCI DSS, HIPPA,  GDPR, FIPS 140-2/3).

- Experience with secure coding practices and testing to prevent and avoid attacks, such as, http state handling, XSS, OWASP Top 10 risks/vulnerabilities/solutions and frameworks, etc.

-              Hands-on experience with Linux systems (hardening practices, kernel security, SE Linux)

Optional skills

-              Experience on patching and benchmarking (CIS or Stigs) automation via in-house scripting or enterprise tooling.

-              Experience as an admin or superuser on Security Tools such as: DLP, SIEMs, SOAR platforms, vulnerability scanning, DAST, SAST, Privileged ID mgmt., AuthZ solutions, enterprise logging analysis, EDR, any zero trust tools (otherwise known as trusted execution or application whitelisting).

-              Experience with provisioning & provision automation in AWS, Azure, IBM Cloud, Oracle, or Google Cloud (experience can be with compute nodes, storage, database, any of the “as a Service” offerings, integration with on-prem systems for Hybrid cloud, or bare metal systems).

-              Red Team (White hat) pen tester team experience (e.g., Kali, Cobalt Strike, Nmap, BurpSuite, etc.).

-              Technical expertise throughout the software development lifecycle including design, implementation, and delivery (DevOps processes in a Cloud environment).

-              Experience on threat modelling and risk assessments for service designs and architecture changes.

- Validate Infrastructure-as-Code (e.g., Terraform, Ansible) artifacts from a security perspective.

- Exposure to secure software development practices (DevSecOps, security automation in CI/CD pipelines).

-Proficiency in at least one programming or scripting language (e.g., frontend, backend, IaC).