Global Security Consultant - Application Security

IBM - United States


The Global Security Consultant in the global practice should be an advisor and pragmatic management consultant who can speak to the security landscape and communicate effectively with senior members of a client's management and/or executive teams. The consultant should have a depth of knowledge and experience in Application Security, but at some level should also be able to speak to the breadth of the security landscape. The successful candidate will perform application security assessments, code reviews, and Software Development Life Cycle (SDLC) security consulting in a customer environment. The candidate will be responsible for identifying specific and systemic security issues within applications and within the application development and lifecycle maintenance process. The consultant will also be a resource for the client in establishing and expanding the base of client knowledge in the area of application security. Must be willing to travel 75% annually, including international travel.

Core Consulting:
Effective communication and presentation skills
The ability to lead large groups and be a primary facilitator
Demonstrated written skills
Comfortable working in a project-based / client-serving model
Ability to lead and shape client expectations
Help drive pursuits and engage in complex deals, matching outcomes to expectations
Ability to work easily with diverse and dynamic teams
Ability to work in a matrix management model
Preference for candidates with secondary language skills

Projects may include:
Performing application vulnerability and security assessments
Performing application security risk assessments
Performing code review across a variety of programming languages
Performing assessments of SDLC processes
Performing threat modeling
Developing testing scripts and procedures
Developing and delivering application security training and outreach
Creating gap analysis and client improvement program recommendations
Other security-related projects that may be assigned according to skills

Candidates must have demonstrated experience in successfully completing tasks and delivering professionally written reports for clients.
Must have the ability to present findings to technical staff and executives.

A successful candidate will likely possess some or all of these qualifications as well:
Application security experience with major programming languages (e.g., Java, C, C++, .NET (C#, VB))
Experience leading software development projects
Experience with threat modeling and security risk assessments

Required Technical and Professional Expertise

At least 3 years' experience working on projects related to Application Security
At least 5 years' experience in IT and / or software development
Experience in application code review methods and standards
Experience in application development and coding
Experience in OWASP Top 10 vulnerabilities, tools and methodologies
Experience in and an understanding of the HTTP protocol and web programming
Experience in common application security requirements
Experience in standard Software Development Life Cycle (SDLC) practices
Experience working across diverse teams to facilitate solutions
Self-motivated individual with the ability to work in a high-achieving team environment as well as independently
Readiness to travel 75% annually, including international travel

Preferred Technical and Professional Experience

At least 5 years' experience in management consulting and systems integration
At least 5 years' experience in Application Security
At least 8 years' experience in IT and / or software development
Experience with web application development
Familiarity with vulnerability scanning tools (e.g., Qualys, Nessus, Nexpose, SAINT)
Familiarity with web application vulnerability scanning tools (e.g., IBM AppScan, HP WebInspect, Acunetix, NTOSpider, Burp Suite Pro)
Familiarity with static analysis tools (e.g., IBM AppScan Source, HP Fortify)
Familiarity with interactive and automated penetration testing
Experience working in an international deployment role
Experience working with security consulting teams
Certified in CISSP, CEH, and/or CSSLP

EO Statement
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.