Your Role and ResponsibilitiesWe are looking for a Lead Security Developer highly interested in security and compliance activities of Linux on Z systems.
Your main duties will include following Security Privacy by Design concepts and making sure that the priniciples are followed during the lifecycle of the offering. Work on different complinace activities such as NIST, FIPS, Quantum Safe , HIPAA, FedRAMP, SOC2 etc. You will also work closely with the customers to ensure the software meets their secuirty and compliance standard.
Step in and be part of IBM System Development Lab community, outstanding for its innovation and team spirit, offering one of the broadest project portfolios of hardware and software technologies within the IBM Corporation.
Engineers in our team work inside a highly agile development environment and are responsible for the full software development life cycle – ranging from designing and implementing of the new product features, maintaining industry-leading security and complinace assurance over to continuous product delivery as well as supporting our global customers. You should be thrilled by emerging technologies with our software products for future Mainframe and Cloud-based markets.
Roles & Responsibilities:
- The IBM Z Hyper Protect Servers team is seeking an experienced Lead Security Developer
- As a Security Lead, you will be part of a highly focused, self-managed team that designs, develops and tests secure solutions created for Z Systems workloads and applications.
- Responsible for all aspects of security and compliance activities. Provide feedback to architects regarding any issues that can cause any security and complinace Gaps. Manage projects with various priority levels and timelines from start to finish.
- Demonstrate best practices in all aspects of administration. Leverage various security tools to secure the offerings and make sure offering is adhered to the best security and compliance priniciples.
- Continuously stay abreast of new security and complinace guidelines to ensure more secure offering. Must collaborate with other departments to resolve complex issues and be detail oriented.
- Ability to automate security and complinace solutions to repetitive problems/tasks.
Required Technical and Professional Expertise
- Upto 15 Years of working experience with Security and Compliance activities
- Programming Skills:
- In depth Knowledge of end to end Security and Complinace activities such as Threat Models, Security Privacy by Design.
- Knowledge of Security scanning tools such as Nessus scanner, SonarQube, NMap.
- In depth Security concepts (Includes deep understanding of identity mgmt/authentication, authorization, firewall, auditing, secure communication, managing certificates, password management)
- Excellent presentation and soft skills
- Security Domain Expertize:
- Understand of cryptographic key management and it’s lifecycle and also security architecture.
- In depth knowledge of Hardware Security Modules, PKCS #11 APIs, Trusted Execution Environments, Quantum Safe Algorithms
- Strong English communication skills both written and verbal “
Preferred Technical and Professional Expertise
- General understanding of private /public / hybrid cloud concepts
- In depth understanding of HW servers and server components
- General understanding of open source projects; experience with open source community contribution can be an added advantage
- Indepth Security concepts and hands on experience on Certificate management/authentication, authorization, firewall, auditing, secure communication, password management