IBM Senior Software Developer - Security Focus 

Poland, Lesser Poland Voivodeship, Krakow 

391881212

* Design, develop, and optimize software applications using Java and Go, ensuring all code is robust, efficient, and secure.
* Perform comprehensive security assessments and code reviews to uncover potential vulnerabilities and weaknesses in the application code.
* Evaluate security vulnerabilities identified by automated tools, external audits, or internal testing, and apply necessary code changes and patches to address them.
* Champion secure coding standards and best practices within development teams, providing guidance and training on security-related topics.
* Work closely with developers, security teams, and other stakeholders to design and implement secure software solutions, participating in threat modeling, risk assessments, and security architecture reviews.
* Develop and manage security tools and automation scripts to integrate vulnerability checks into continuous integration/continuous deployment (CI/CD) pipelines.

* Strong programming experience in Java or Go (at least 2 years).
* Knowledge of industry standards regarding vulnerability management (i.e., Common Vulnerability Scoring System (CVSS), and Common Vulnerability and Exposures (CVE)).
* Experience with static and dynamic code analysis tools (e.g. OWASP ZAP).
* Knowledge of secure coding practices and frameworks (e.g., Spring Security, JWT, OAuth).
* Knowledge and experience with secure deployment of applications within a cloud environment.
* Knowledge of Agile methodologies.

* Experience in vulnerability management and penetration testing.
* Understanding of cryptographic principles and secure communication protocols.
* Familiarity with container security (Kubernetes, Red Hat OpenShift Container Platform).
* Ability to manage the security vulnerabilities and risks across the organization including identifying, and supporting application/system owners to manage risks and remediate vulnerabilities.
* Knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, threat management, and incident management.