IBM Application Security Specialist 

Romania, Bucharest 

133285897

In this role, you’ll work in one of our IBM Consulting Client Innovation Centers (Delivery Centers), where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world.​ Our delivery centers offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology.As an Application Security Specialist you will:
· Conduct security assessments on all web-based applications and products.
· Identify, analyze, and prioritize security vulnerabilities.
· Develop and implement remediation plans for identified vulnerabilities.
· Conduct regular vulnerability assessments and penetration testing.
Required Technical and Professional Expertise

1. Experience in AppSec toolchain. Eg:- Burp Proxy, ZAP, Checkmarx, Synopsys etc etc.
2. To help product team to implement/integrate Security tool set into DevSecOps CI/CD (Jenkins) pipeline.
3. Should be familiar with Secure-SDLC phases.
4. Hands-on to perform both white & grey box AppSec test in Static Application Security Testing(SAST), Dynamic Application Security Testing(DAST), S/W composition analysis (SCA), S/W dependency scanning.
5. Acquaint in AppSec posture management, Review Security Vulnerability Reports & false positive analysis.
6. Manual Configuration & System Integration reviews.
7. Expert in Manual & tools-based penetration testing experience (Grey & Black Box) for Applications, APIs, and report findings with fix remediations & recommendations to dev team.
8. Solution Outline / Architecture Design Reviews with Architect & Product team to suggest solutions for secure architecture.
9. Threat Modelling Analysis & Access Model reviews.
10. Good in OWASP Standards & guideline, Guiding development team for Secure Coding best practices & verification.
11. Capable of executing Secrets, Container & IaC Scanning
    Proj Management & Soft skills
    Handling Jira tool & align with Agile Sprints, Weekly & monthly reporting.
    AWS Cloud certification preferred or Knowledgeable in Cloud & On-Prem architectural solutions MS-AZURE or Google Cloud & additionally SAP, Salesforce etc.