This role requires extensive knowledge and experience in identifying security risks specific to software applications hosted in AWS and Azure cloud environments and providing recommendations in line with industry standards and best practices. It requires expertise in areas such as secure coding practices, interface review, API security review and threat modeling, security testing techniques, and compliance requirements. You will lead all technical discussions with application owners and customer stakeholders and provide guidance to internal teams in executing security assessments. We are looking for an experienced resource with strong knowledge and skills to support the application security assessment part of the DevSecOps track.
Required Technical and Professional Expertise
Technical skills:
- Experience with the AppSec toolchain, e.g. Burp Proxy, ZAP, Checkmarx, Synopsys, etc.
- Help the product team implement and integrate the security tool set into the DevSecOps CI/CD (Jenkins) pipeline.
- Familiar with Secure SDLC phases; well versed in OWASP standards and guidelines, including ASVS.
- Hands-on experience performing both white-box and grey-box AppSec testing: Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA) and software dependency scanning.
- Acquainted with AppSec posture management, reviewing security vulnerability reports and false-positive analysis.
- Familiar with IT policy frameworks covering backup restoration and disaster recovery, logging and monitoring reviews, and configuration and system integration reviews.
- Expert in manual and tool-based penetration testing (grey-box and black-box) of applications, REST-based web APIs and web services, and in reporting findings with remediation steps and recommendations to the dev team.
- Architecture design / solution outline reviews from a security perspective with the architect and product team, suggesting solutions for a secure architecture.
- Threat modelling analysis using STRIDE or PASTA methodologies, or SD Elements.
- Logical access model review: good understanding of user access models, RBAC, various authentication and authorization mechanisms, SSO and federated identity management, and the basics of Identity and Access Management (IAM) and Privileged Access Management (PAM).
- Guiding the development team on secure coding best practices and verification, including recommending secrets scanning in the product IDE and via plugins in Bitbucket / the code repository.
- Capable of executing secrets scanning and container security scanning using Aqua, and of analysing Infrastructure as Code (IaC) scanning reports, including Terraform and Checkov reports.
Project Management & Soft skills:
- Handling the Jira tool and aligning with Agile sprints; weekly and monthly reporting.
- Good communication skills to support geographically diverse teams, including the dev/product team, Infosec and management.
- Self-learning and proactive in driving the security team; self-managed in prioritizing individual tasks.
- Understanding complex cloud, on-prem, hybrid and multi-cloud architectures to ensure the design covers key security aspects, including newer implementations such as microservices, AI bots and IoT.
- Knowledge of enterprise security architecture frameworks such as SABSA, TOGAF and COBIT, including their certifications.
- Client-server, legacy, monolithic and microservices architectures; well-defined architectures in the AWS cloud.
- Work experience in migration and cloud modernization or digital transformation projects.
AWS Cloud certification preferred, or knowledge of MS Azure or Google Cloud; additionally SAP, Salesforce, etc.