Praca: Security Architect – Risk Advisor for Security Testing

IBM Security is looking for Security Architect – Risk Advisor for Security Testing which is with the IBM Security business unit-level Chief Information Security Officer (CISO) organization. As part of the larger risk management mission, the primary focus of this role is to define and manage proactive security testing and reporting of metrics on identification and remediation of vulnerabilities for both product and infrastructure related vulnerabilities. The successful candidate must possess sufficient technical and operational security expertise to serve as a subject matter expert (SME) in security testing and implementing mitigation or remediation steps for identified vulnerabilities. The Risk Advisor for Security Testing must be able to work independently in a fast-paced business environment and able to balance ad hoc requests on emerging threats/vulnerabilities with daily routine work.

• Advise IBM Security business unit technical teams on cybersecurity vulnerabilities and emerging threats
• Define and execute IBM Security BU-wide vulnerability testing program in partnership with existing security testing teams and tools that may include testing web applications, internal networks, wireless networks, mobile applications, thick-client applications, embedded applications, hardware, etc.
• Partner with IBM Security Services delivery and infrastructure leadership, product engineering and development teams, and IBM Security CISO to identify appropriate mitigating security controls, remediation plans and improvements based on identified vulnerabilities
• Collaborate with the Security Risk Validation team on their testing of security controls across IBM Security BU to identify any unremediated vulnerabilities
• Collect and document periodic dashboard reporting and metrics demonstrating the vulnerability posture of the organization to executive management
• Document security testing processes and program activities to ensure a high quality, repeatable program
• Stay current on changes to technology, emerging security threats, internal IBM policy and standards, relevant regulatory requirements, and evaluate potential impacts on identified risks and security controls as well as suggest modifications to the BU risk management program

• 5+ years of direct information security operations experience, preferably roles within penetration testing (red team/blue team testing), threat management and/or incident response teams
• 3+ years direct experience implementing and operating security testing tools such as Nessus and leveraging OWASP Top 10, SANS Top 20 Critical Security Controls, NIST Vulnerability Database (NVD) and CVE scoring within security testing programs
• 3+ years experience managing computing environments in compliance with Corporate IT Security and other regulatory/standards requirements
• 3+ years of demonstrated leadership and project management abilities
• Proactive learning and awareness of emerging cybersecurity threats and mitigating technologies
• Strong communication, technical writing and presentation skills with experience editing technical documents for technical accuracy, clarity and business impact
• Strong analytical skills with ability to manipulate reporting metrics in to meaningful observations
• Ability to work independently as well as part of a larger team to drive completion of tasks within a fast-paced, dynamic, global team
• Bachelors degree in Management Information Systems, Computer Science or related field
• Fluency in English

• 5+ years of direct information security operations experience, preferably roles within penetration testing, threat management and/or incident response teams
• 3+ years experience managing computing environments in compliance with IBM Corporate IT Security requirements
• 1+ years experience writing information security policy, process, and procedure documents
• Prior experience in defining security testing programs and performing security control assessments on systems to validate the results of vulnerability testing and penetration testing type assessments
• Prior experience as part of a software or SaaS engineering and development team
• Prior experience auditing source code for security vulnerabilities
• Prior experience with Agile design and project management methodologies
• Certifications: SANS: CEH, GWAPT or OSCE, OSWE, OSCP or (ISC)2 - CISSP

• Work for the best Security Company in Europe (SC winner 2016) and The Best Mobile Security Solution with IBM MaaS360 2016 SC Magazine Europe Awards
• Trainings and certifications
• Private medical package and insurance package
• Multisport Card
• Working on international projects in multicultural teams
• Good to be an IBMer discounts
• Cinema & trips for IBMers
• Language classes
• Summer camps for children