Security Tech Lead

  • Software Engineering
  • Professional

Security Tech Lead

  • Software Engineering
  • Professional

Introduction
At IBM, work is more than a job – it’s a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you’ve never thought possible. Are you ready to lead in this new era of technology and solve some of the world’s most challenging problems? If so, lets talk.

Your Role and Responsibilities
The IBM Sustainability Software team is looking for a technical, talented, innovative and enthusiastic Security and Compliance Tech Lead to lead and drive compliance, security awareness, training, applying best practices for secured development. Security is something that every development team needs to incorporate into every phase of their product development life cycle and the Security and Compliance Focal is expected to ensure security is built into the design, planning, implementation, and execution of our products.

The Security and Compliance Tech Lead should continuously consider the attack vectors and security weaknesses within the product offering and provide solutions to remediate those weaknesses. Should be Technical with understanding of Micro-services architecture, SaaS, Cloud Security and Infrastructure; Must collaborate with all stakeholders to drive security solutions; Must possess a growth mindset to keep up with the changing security landscape.

Required Technical and Professional Expertise

  • Overall experience 8+ yrs with 5+ yrs of working experience with designing/building SaaS offerings and 3+ yrs as a security technical lead
  • Domain expertise in cloud software and infrastructure technologies.
  • Very good understanding in penetration testing methodologies and exploits (web apps, containers, APIs, databases, operating systems, cloud technologies, etc).
  • Ability to communicate highly technical aspects to Executives, IT staffs, CISO team, auditors.
  • Experience with various scripting languages (Shell, Python, Bash, etc.).
  • Familiarity with OWASP Top Ten, NIST, CIS and MITRE ATT&CK
  • Demonstrated experience in successful driving & execution of compliance programs for common IT security stds/regulations.
  • Access Management – understand the concepts of need to know, least privilege, individual accountability, privilege access monitoring, access revalidation, etc.
  • Vulnerability Management – be able to regularly scan your systems and remediate any vulnerabilities found within required time frames
  • Data Protection – understand the types of data your services deal with and have measures in place to protect that data (e.g. encryption, file permissions, etc.)
  • Configuration Management – understand how to securely harden a system or application upon deployment.


Preferred Technical and Professional Expertise

  • Certifications / Credentials – CISSP (preferred), CCNP/CCIE (preferred), CCSP, CISA/CRISC/CISM.
  • Common Attack Patterns – know what the common attack vectors facing the industry (e.g. CWE 25 or OWASP Top 10), be able to describe an attack with an example, describe what a successful exploitation/impact looks like, and what best practice remediation is.

IBMerについて知りたい場合


About IBM

IBM’s greatest invention is the IBMer. We believe that through the application of intelligence, reason and science, we can improve business, society and the human condition, bringing the power of an open hybrid cloud and AI strategy to life for our clients and partners around the world.

Restlessly reinventing since 1911, we are not only one of the largest corporate organizations in the world, we’re also one of the biggest technology and consulting employers, with many of the Fortune 50 companies relying on the IBM Cloud to run their business.

At IBM, we pride ourselves on being an early adopter of artificial intelligence, quantum computing and blockchain. Now it’s time for you to join us on our journey to being a responsible technology innovator and a force for good in the world.

職種の概要

希望に沿うポジションがない場合

IBMの人材ネットワークにご参加ください。新たな職種をご紹介します。