The Security Architect role focuses on the design of business-driven Information Technology solutions to meet security requirements related to function, protection, assurance, risk management and compliance.
Your Role and Responsibilities
The scope of work includes:
(1) the collection and validation of requirements,
(2) the identification of risks, threats, vulnerabilities, potential anomalous flows and interactions,
(3) the definition of the security processes for assurance, management and compliance,
(4) the definition of security subsystems, and
(5) the design of integration and deployment architectures for security in networks, infrastructure, middleware, applications and systems & service management systems.
Depending on the area of work, the Security Architect may perform evaluation and selection of the components, design of hardware, software, process and service components of the solution, assurance of deployment architectures, and guide secure engineering practices in development. The employee focuses on individual/team/department/operational objectives.
Professional knowledge related to incumbent's department or function.
Engaged as an independent professional. Ability to articulate and compare alternative approaches. Negotiate with specified objectives.
Recognize problems related to project objectives. Creativity and judgment applied to professional technical, or operational problems. Independently generates solutions, based on analytical skills & business knowledge. Challenge the validity of given procedures and processes to enhance and improve or develop complementary adjustments/solutions.
Works on special projects, or leads small teams, or manages routine technical/operational activities or departments (national or international). Understands departmental mission and vision. Provides advice in technical/operational domain of specialization. Generally, controls own work priorities and methods requiring tradeoffs.
Impact on Business/Scope:
Accountable for individual or team, or department results, and for the impact of the results on functional activities. Participates in overall departmental program planning. Contributes by supporting activities that are subject to business measurements, impact customer satisfaction, or impact immediate costs or expenses.
The role will be responsible for improving the application security stance of the organization, building, integrating, supporting tooling for the automation of tasks, and assisting with compliance audits.
Improve application security stance of the organization
- Static source code analysis
- Vulnerability testing
- Code reviews
- Improve the secure software development lifecycle
- Verifying vulnerabilities in web applications
- Identifying solutions and validating remediation of web application vulnerabilities
Building tools and automating tasks to assist security teams
- Build tools for SOC analysts, malware team, penetration testers, and compliance
- Assist with the maintenance of asset list
- Create tools for SOC reporting and metrics
Required Technical and Professional Expertise
Computer Science or related degree or equivalent work experience
Proficient understanding of at least 5 of the OWASP Top 10. Able to give examples
Proficiency with at least one programming language and web application framework
Understanding of core programming concepts and software design patterns
Experience working with a variety of APIs
Soft skills - good written and verbal communication, explaining vulnerabilities, writing reports, coordinating with other teams
Ability to work with a geographically diverse team
Preferred Technical and Professional Expertise
Experience performing vulnerability assessments on source code and live web applications
Experience performing code reviews
Experience with compliance frameworks: PCI, ISO27001, HIPAA, FedRAMP, SOC2, etc.
Experience building enterprise level web applications
Experience with PHP, Python, and Go web applications
Experience creating and utilizing SOAP and REST APIs
Experience with QRadar, Resilient, JIRA, FireEye, IBM AppScan, Verodin, Demisto, Security Center
Experience building automation software
Participation in security conferences
About Business Unit
Digitization is accelerating the ongoing evolution of business, and clouds - public, private, and hybrid - enable companies to extend their existing infrastructure and integrate across systems. IBM Cloud provides the security, control, and visibility that our clients have come to expect. We are working to provide the right tools and environment to combine all of our client’s data, no matter where it resides, to respond to changing market dynamics.
Your Life @ IBM
What matters to you when you’re looking for your next career challenge?
Maybe you want to get involved in work that really changes the world? What about somewhere with incredible and diverse career and development opportunities – where you can truly discover your passion? Are you looking for a culture of openness, collaboration and trust – where everyone has a voice? What about all of these? If so, then IBM could be your next career challenge. Join us, not to do something better, but to attempt things you never thought possible.
Impact. Inclusion. Infinite Experiences. Do your best work ever.
IBM’s greatest invention is the IBMer. We believe that progress is made through progressive thinking, progressive leadership, progressive policy and progressive action. IBMers believe that the application of intelligence, reason and science can improve business, society and the human condition. Restlessly reinventing since 1911, we are the largest technology and consulting employer in the world, with more than 380,000 IBMers serving clients in 170 countries.
IBM will not be providing visa sponsorship for this position now or in the future. Therefore, in order to be considered for this position, you must have the ability to work without a need for current or future visa sponsorship.
Being You @ IBM
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.