Introduction
In this role, you’ll work in one of our IBM Consulting Client Innovation Centers (Delivery Centers), where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world.​ Our delivery centers offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology.
A career in IBM Consulting is rooted by long-term relationships and close collaboration with clients across the globe.
You’ll work with visionaries across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. Your ability to accelerate impact and make meaningful change for your clients is enabled by our strategic partner ecosystem and our robust technology platforms across the IBM portfolio; including Software and Red Hat.
Curiosity and a constant quest for knowledge serve as the foundation to success in IBM Consulting. In your role, you’ll be encouraged to challenge the norm, investigate ideas outside of your role, and come up with creative solutions resulting in ground breaking impact for a wide network of clients. Our culture of evolution and empathy centers on long-term career growth and development opportunities in an environment that embraces your unique skills and experience.

Your Role and Responsibilities
As an Application Security Specialist you will:
· Conduct security assessments on all web-based applications and products.
· Identify, analyze, and prioritize security vulnerabilities.
· Develop and implement remediation plans for identified vulnerabilities.
· Conduct regular vulnerability assessments and penetration testing.

Required Technical and Professional Expertise

1. Experience in AppSec toolchain. Eg:- Burp Proxy, ZAP, Checkmarx, Synopsys etc etc.
2. To help product team to implement/integrate Security tool set into DevSecOps CI/CD (Jenkins) pipeline.
3. Should be familiar with Secure-SDLC phases.
4. Hands-on to perform both white & grey box AppSec test in Static Application Security Testing(SAST), Dynamic Application Security Testing(DAST), S/W composition analysis (SCA), S/W dependency scanning.
5. Acquaint in AppSec posture management, Review Security Vulnerability Reports & false positive analysis.
6. Manual Configuration & System Integration reviews.
7. Expert in Manual & tools-based penetration testing experience (Grey & Black Box) for Applications, APIs, and report findings with fix remediations & recommendations to dev team.
8. Solution Outline / Architecture Design Reviews with Architect & Product team to suggest solutions for secure architecture.
9. Threat Modelling Analysis & Access Model reviews.
10. Good in OWASP Standards & guideline, Guiding development team for Secure Coding best practices & verification.
11. Capable of executing Secrets, Container & IaC Scanning
    Proj Management & Soft skills
    Handling Jira tool & align with Agile Sprints, Weekly & monthly reporting.
    Good Communication skills to support geo-diverse teams includes Dev/Product team, Infosec and management.
    Self-learn and pro-active to drive security team and Self-managed to prioritize individual task.Understanding complex cloud, on-prem, hybrid & multi cloud architectures, and latest implementations like Microservices, AI BOTs & IOT to secure architecture etc.
    AWS Cloud certification preferred or Knowledgeable in Cloud & On-Prem architectural solutions MS-AZURE or Google Cloud & additionally SAP, Salesforce etc.

Preferred Technical and Professional Expertise
N/A