IBM is seeking an experienced Security Tester to join its Cloud Security team. You’ll be involved in working directly with strategic customer accounts, and in implementing high-performance, high-scale cloud security solutions for them. You’ll also be working with cloud Security Architects and other product teams in order to deploy the most optimal security solutions to ensure maximum customer success.The Cloud Security Tester is a technical, customer-facing role having paramount impact on customers’ experience with IBM cloud solutions. As a Cloud Security Tester, you will be responsible for Network & Application Security Testing (Penetration Testing, Ethical Hacking, Vulnerability Assessment, Code Review, White Box Testing).As an ideal candidate, you will have:
Experience on Application Security tools, Integration of testing mechanisms with industry best practices such as the Open Web Application Security Project (OWASP).
Knowledge of threat modeling and other risk identification techniques, Knowledge of system security vulnerabilities and remediation techniques.
common software vulnerabilities and their mitigation techniques.
Knowledge of Configuration and Security logs of Security Firewall and edge Devices.
Excellent written and verbal communication skills.
Excellent teamwork skills.
The ability to evaluate new and emerging security technologies.
Additional acronyms found in this job posting:
Anti-DDoS: Distributed Denial of Service
API: Application Program Interface
ASA: Adaptive Security Appliance
FFIEC: Federal Financial Institutions Examination Council
HAProxy: High Availability Proxy
HIPAA: Health Insurance Portability and Accountability Act
IAM: Identity and Access Management
IPS: Intrusion Prevention System
ISO: International Organization for Standardization
JunOS: Junos Network Operating System
LB: Load Balancing
OAuth2 SSO: Open Standard for authorization Single Sign On
OpenID: Open Standard and Decentralized Authentication protocol
PCI: Payment Card Industry
RFP: Request for Proposal
SAML: Security Assertion Markup Language
SIEM: Security information and event management
VPN: Virtual Private Network
WAF: Web Application Firewall
2 years' experience with:
Firewalls, IPS, VPN and other edge and network security components - Vyatta GW, Fortigate, Checkpoint, Cisco ASA, JunOS FW
LB using edge nodes; Install/Configure/ Ops for NetScalar, HAProxy LBs
SAML, OAuth2 SSO and OpenID Connect implementations
1 year experience with/in:
SIEM like QRadar install, config, operations; QFlow design and integration
IAM architecture with IBM and third-party products, integration with application
Encryption tools / SW, best practice implementations
A role responsible for the understanding of Compliance needs across Industry verticals - PCI, HIPAA, ISO, FFIEC, etc
Ethical hacking and Pen testing
A client facing role
Client Technical Engagement