Software Developer Security

Key Skills

Agile methodologies, AWS, Azure, Cloud computing, Cloud Security Analytics, Containerization, Debugging, GoLang, Google Cloud Platform (GCP), Java Programming, Kubernetes-K8s, Machine learning techniques, Python Programming, Scala Programming, Scikit-learn, Software Development

Job Description

Introduction

At IBM, work is more than a job – it’s a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you’ve never thought possible. Are you ready to lead in this new era of technology and solve some of the world’s most challenging problems? If so, lets talk.

Your Role and Responsibilities

• Work closely with Offering, Design and Engineering teams to collect and validate various security related requirements.
• Provide the design and architecture of integration and deployment systems for security in Networks, Infrastructure, Middleware, Applications and Systems & Service Management systems.
• Incorporate Security and Privacy by Design in a bottom up fashion in to various parts and components of the product.
• Depending on the area of work, perform evaluation and selection of the components, design of hardware, software, process and service components of the solution, assurance of deployment architectures, and guide secure engineering practices in development.
• Drive and maintain security throughout the entire Software Development Life Cycle.
• Oversee Application Security Testing including Static and Dynamic Code scans (SAST/DAST), Vulnerability Assessment and Penetration Testing (VAPT)
• Participate in product risk assessments and threat modelling.
• Support product team through internal and external audits.
• Ensure product compliance with corporate policy, evolving industry standards, and relevant regulatory controls
• Ongoing reporting of compliance posture to senior management
• Document and communicate security features and best practices to internal and external stakeholders

Required Technical and Professional Expertise

• 5+ years of relevant experience in cloud and cloud security domain
• 5+ years of Information security experience, including 3+ years in Software Development
• Detailed technical knowledge of techniques, standards and state-of-the art capabilities for authentication/authorization/identity-management (SSO/OAuth/OpenID/RBAC/ABAC etc), applied cryptography, security vulnerabilities and remediation.
• Familiar with common threats and vulnerabilities applicable to Web Applications and Middleware (eg. OWASP Top 10)
• Deep expertise either with AWS or MicroSoft Azure security. Cloud security compliance, cloud data security, cloud threat and incident management, WAF, VPC Security controls, Security log management
• Excellent Communication, customer facing and technical presentation skills
• Ability to pick up new areas like AI and work hands on in developing proof of concepts
• Participate, lead and jointly deliver security evaluation reports on cloud providers (IBM Cloud, Azure, AWS, GCP)
• Establish security requirements for cloud-based solutions by evaluating business strategies and requirements, researching cloud infrastructure security standards such as ISO 27000 series, NIST CSF, and CSA
• Identify and deliver appropriate controls based on industry standards (e.g., CCM) to drive cloud and customer security solutions framework based on business risk and cloud native threats
• Continually evaluate new threats in the cloud, to identify the impact on IT and Business to develop and implement security controls
• Provide recommendations for improvement and risk reduction by assessing clients’ cloud security posture; and act as a change agent with customer organizations to oversee the vulnerability improvements with our clients’ existing IT staff as well as 3rd party vendors support our clients (most often managed IT service providers)
• Design and develop security architectures for cloud and cloud/hybrid-based systems.

Preferred Technical and Professional Expertise

• Exposure to security architecture and design practices in the Cloud Native systems will be an added advantage and a key differentiator.
• Understanding of Web proxying/scaling technologies
• Security certifications are an added bonus (CISSP, CCSP, CISM, CEH, etc)
• Exposure to programming in Python and Go
• Exposure to Kubernetes, container security, network security, virtualization
• Exposure to Cloud security audit trails.