Expoint - all jobs in one place

Finding the best job has never been easier

Limitless High-tech career opportunities - Expoint

IBM Security Consultant 
Brazil, São Paulo, São Paulo 
646533311

25.11.2024

In this role, you’ll work in one of our IBM Consulting Client Innovation Centers (Delivery Centers), where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world.​ Our delivery centers offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology.

Your Role and Responsibilities
As a Security Consultant, you’ll provide excellent technical guidance to customers transforming their environment to increase their cryptography assets in to a Post Quantum Computing higher level of compliance. You will provide best practices on secure foundational to cloud and on premisses development practices implementations, automated provisioning of infrastructure and applications, cloud-ready application architectures, and more. You’ll provide prescriptive guidance in ensuring customers receive the best of what we can offer and you will ensure that customers have the best experience in migrating, building, modernizing, and maintaining applications on a multi cloud environment. As a Security Consultant, you will be a key advisor for IBM’s clients, analyzing business requirements to design and implement the best security solutions for their needs. You will have high visibility at the most senior levels of customer organizations, including frequent interaction with CIOs, CISOs, CTOs, their staff, and senior leadership.
Required Technical and Professional Expertise

– Design implement and transform the clients development life cycle in line with a developed maturity roadmap focused on reducing enterprise risk through Threat Modeling.
– Design and implement solutions that meet complex requirements and consistently meet client expectations.
– Expertise designing and building security capabilities in scripts and code; and deploying infrastructure in code, always bringing a vision on how to approach a higher level of maturity on Crypto Agility practices and methodology.
– Design, develop, test, implement and advise the customer on various elements of a technical solution.
– Engage in business development and proposal generation activities.
– Understand enterprise security solutions such as WAF, IPS, Anti-DDOS, and SIEM.
– Demonstrated understanding what it means to draw out customer needs and deliver practical outcomes addressing those needs.
– Understanding architectural implications of meeting industry standards such as PCI DSS, ISO 27001, CNSA Suite 2.0 and NIST frameworks.
– Familiarity with SCA, SAST, DAST and IAST tools.
– Strong understanding of application security frameworks (e.g., OWASP Top 10, NIST) and ability to apply them in real-world environments.
– Familiarity with DevSecOps practices, including how security integrates into CI/CD pipelines and secure software development lifecycles (SDLC).
– Knowledge of programming languages (Java, Python, .NET) and a good understanding of common security vulnerabilities like SQL Injection, XSS, CSRF, etc.
– Experience with application security tools (OpenText Fortify, Veracode, Checkmarx, Synopsys or similar solutions).
– Help to create security architecture systems that protect against any exposures or attacks.
– Help to prioritize vulnerabilities patches and cryptograph approaches to ensure higher level of maturity.
– Knowledge of cryptographic primitives and how to use crypto toolkits securely.
– Understanding of systematic encryption, public key encryption, digital signatures and message authentication codes.
– Knowledge of NIST standards and recommendations for classical and post-quantum algorithms.
– Knowledge of public-key and symmetric algorithms (such as AES-256, RSA, ECDSA) and their respective risks and vulnerabilities in post-quantum scenarios.
– Knowledge of hash-based signatures (LMS and XMSS) for software and firmware signing.
– Ability to develop and implement a crypto-agility strategy that allows for a fast and effective transition between cryptographic algorithms as threats and technologies evolve.
– Understanding of the basic concepts of quantum computing, such as superposition and entanglement, and the associated security challenges.
– Experience with network security, encryption of data in transit and at rest, and protection of critical infrastructures.
– Experience in quantum security risk assessment and mitigation planning.