We're looking for a Security Architect to join the IBM webMethods security team. As a Security Architect you will apply your knowledge of Essential Cybersecurity Controls (ECC) and the Cloud Cybersecurity Controls (CCC) in support of hosting and operating our software platforms in designated regions, making them both secure and compliant with the local requirements.
Your primary responsibilities include:
• Develop a complete understanding of webmethod products and technology
• Align organizational security strategy with overall business strategy
• Identify and comminate current and emerging security threats
• Design security architecture elements to mitigate security threats
• Perform or supervise vulnerability testing, risk analyses, and security assessments
• Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
• Guide security team
• Effectively collaborate with corporate security teams and application development teams
• Responds to and investigates security incidents and provides thorough post-event analyses
• Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
• Evaluate and recommend security tools and best practices
• Updates job knowledge by tracking and understanding emerging security practices and standards, participating in educational opportunities, reading professional publications, and participating in professional organizations
• Thorough knowledge of relevant industry security standards, including ISO27001, NIST, and SOC
• Advanced understanding of security protocols, cryptography, and security
• Prior experience and thorough understanding of AWS and Azure architecture
• Prior experience with feature development within a cloud environment
• Prior experience handling design reviews is a plus
• Prior experience in FedRAMP authorization is required
• Obtained cyber security certification like CISSP, CISA and CISM
• Obtained AWS/Azure Security certification
• Risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies, and security attack pathologies
