IBM Senior Security Consultant in HANOI, Vietnam

Security ConsultantThe consultants in the Asia Pacific Security Services practice should be advisors and pragmatic management consultants that can speak to the security landscape with senior members of a client management or executive teams. The consultants should have depth of knowledge and experience in one of the core security domains (Security Strategy Risk and Compliance; IAM; SOC Operations; Application and Data; Infrastructure Endpoint and Mobile Security) but should be able to speak to the breadth of the landscape as well. The consultants will provide subject matter expertise in the form of workshops, and consulting engagements, which assess a client’s security capabilities, which could be in the policy, process, technology or organizational areas, identify gaps and recommend cost effective best practices to reduce client risk and increase their handle on security risk.The individual would be responsible for providing overall direction, life cycle management and leadership for Information Security architecture and technology solutions. The individual would be involved in the identification, analysis, evaluation, life-cycle management and adoption of security technologies. The individual would be entrusted with being a key resource for providing guidance on security features of technologies in the large enterprise environment. Indispensable skills Core consulting • Strong communication and presentation skills • The ability to lead large groups and be a primary facilitator • Strong written skills • Comfortable working in a project based / client serving model • Ability to lead and shape client expectations • Help drive pursuits and engage in complex deals, matching outcomes to expectations • Ability to work easily with diverse and dynamic teams • Ability to work in a matrix management model Security Domain Skills 1) Depth of knowledge in two or more of the core security domains: SSRC/GRC, IAM, SOC Operations, Application and Data, or Infrastructure Endpoint and Mobile Security2) The individual should have an understanding of the contemporary security landscape and technologies which are used as security solutions for protecting enterprise against the evolving threats. The candidate should have Solutions like Networks, Cloud Architecture and Layers Defense frameworks together with services best practices. This includes active industry trend like Content Delivery Networks, DDoS mitigation, Denial of Service protection of network and application layers, Load Balancing, Global Server Load Balancing, DNS Application Firewall DAF, Web Application Firewall WAF, PCI Compliance, Next Generation Fire-wall NGFW, WAP Optimization, SDN / NFV, Virtualization, Databases Protection, Data Leakage Prevention, SIEM, Security Monitoring, Malware, Advanced Persistent Threat APT, Legal Interception, SSL Interception, DPI, IPS/IDS, VPN, Content Filtering, Web Acceleration and others Web Application Strategy across FSI, Public Sector and largest organizations across ASEAN and APAC. 3) Understanding of compliance issues (ISO 27001, SSAE 16, and COBIT) and Regulatory requirements. 4) Experience in data exfiltration techniques and detection and response tools and strategies5) Strong experience in Threat Modeling of complex security systems6) Experience in delivering comprehensive architecture specifications for complex security ​solutions 7) Communicate security risk through documentation, conversation, and presentations with an objective of driving awareness and informed decision making.8) Demonstrable knowledge of security best practices, principles and frameworks (OWASP, SANS, NIST, ISO etc.) with a proven experience in applying those to the management of threats, vulnerabilities and risks.9) Understand client's business initiatives and requirements and map these business needs into technical and security architecture10) Provide technical thought leadership in overall security solutions development.11) Provide assessment services, compliance audits, security consulting and advisory services12) Design and provide "data centric" security architecture and defense in depth solutions encompassing layers of controls to protect confidentiality, integrity and availability (CIA) of the data13) Security Solutions should include solutions from various leading industry vendors.14) Design and demonstrate security solution that is scalable and easy to adapt with changing business requirements.15) Build and customize client solutions" that are a market differentiation.16) Continuously update the skills and knowledge to keep up with the changing market landscape and customer needs

  • 5-7 years of experience in a pre-sales and business development environment in the design, development and implementation of complex security solutions

  • Strong knowledge of security architectures and technologies including assessment, methodologies, compliance standards etc.

  • Solid knowledge of security standards and compliance like PCI, HIPAA, Sarbanes Oxley, ISO 27001, NIST, CSF, COBIT, ITIL, SANS 20

  • Strong understanding and knowledge of risk assessment, risk procedures, security assessment, vulnerability management, penetration testing

  • Strong experience and ability to prepare RFP/RFI response, proposals and solutions

  • Solid working knowledge of vendor programs and partner eco-system

  • Strong knowledge of cloud architecture and its security concerns

Security Services