IBM Product Security Analyst 

India, Kerala, Kochi 

270367792

• Automate product application security scans
• Develop automation to triage security findings
• Coordinate application vulnerability reporting and remediation with development teams
• Monitor ongoing application security posture

Key responsibilities, skills, and knowledge domains of this role:

1. Knowledge of secure development lifecycle inline with industry best practices and global standards
2. Automation tooling skills
3. Project management and communication skills
4. Design, develop and implement database security features and tools to provide a secure environment for the product to be used by customers in the cloud.
5. Interpreting standards, requirements, and their application to the enterprise Cloud environment in the most reasonable and cost-effective manner.
6. Evaluate new technologies and processes that enhance security capabilities. Conducting
   regularly scheduled audits on systems and hosting third-party audits as required in order to
   maintain certifications and compliance certificates.
7. Implement and maintain security policies related to various compliance.
8. Evaluate various authentication, authorization and encryption solutions and collaborate on
   developing and implementing them to make the product more secure, and accessible.
9. Continuously perform vulnerability scanning, risk analysis and security assessments to detect any
   product vulnerabilities and develop and implement intrusion detection controls to prevent any
   intrusions into our systems.

Work with customers to help them resolve their product issues and security related problems or
queries. Seeking individuals with interest in application security and cybersecurity response for new-to-market service.
IBM® Concert® provides generative AI-powered insights that put the customer in control to simplify and optimize operations— across on-premises and hybrid cloud environments.
As part of a multi-national development team, using IBM’s industry-class automation tooling framework and product security incident response process, successful candidates will

• Automate product application security scans
• Develop automation to triage security findings
• Coordinate application vulnerability reporting and remediation with development teams
• Monitor ongoing application security posture

Key responsibilities, skills, and knowledge domains of this role:

1. Knowledge of secure development lifecycle inline with industry best practices and global standards
2. Automation tooling skills
3. Project management and communication skills
4. Design, develop and implement database security features and tools to provide a secure environment for the product to be used by customers in the cloud.
5. Interpreting standards, requirements, and their application to the enterprise Cloud environment in the most reasonable and cost-effective manner.
6. Evaluate new technologies and processes that enhance security capabilities. Conducting
   regularly scheduled audits on systems and hosting third-party audits as required in order to
   maintain certifications and compliance certificates.
7. Implement and maintain security policies related to various compliance.
8. Evaluate various authentication, authorization and encryption solutions and collaborate on
   developing and implementing them to make the product more secure, and accessible.
9. Continuously perform vulnerability scanning, risk analysis and security assessments to detect any
   product vulnerabilities and develop and implement intrusion detection controls to prevent any
   intrusions into our systems.
10. Work with customers to help them resolve their product issues and security related problems orqueries.

Required Technical and Professional Expertise

• 5+ Years of Professional Technology Experience
• Demonstrated ability to organize and structure data
• Demonstrated coding skills in scripting languages (Ruby, Python, PERL, Shell)
• Source and project control (GitHub Enterprise)
• Mastery of at least one programming language (Java, C/C++, C#, Go, JavaScript)
• Working knowledge of Docker and Kubernetes
• Clear technical communication skills

Preferred Technical and Professional Expertise

• Preferred: Working knowledge of CI/CD automation tools, e.g. Tekton, Jenkins
• Preferred: Exposure to security application scanning tools (e.g. SonarQube, Contrast, OWASP Zap, OWASP Dependency Checker)
• Preferred: Exposure to Docker container security scan tools, e.g. Twistlock, Nessus, Trivy
• Preferred: Exposure to application penetration testing