IBM Cloud Security Tester in New York, New York

IBM is seeking an experienced Security Tester to join its Cloud Security team. You’ll be involved in working directly with strategic customer accounts, and in implementing high-performance, high-scale cloud security solutions for them. You’ll also be working with cloud Security Architects and other product teams in order to deploy the most optimal security solutions to ensure maximum customer success.The Cloud Security Tester is a technical, customer-facing role having paramount impact on customers’ experience with IBM cloud solutions. As a Cloud Security Tester, you will be responsible for Network & Application Security Testing (Penetration Testing, Ethical Hacking, Vulnerability Assessment, Code Review, White Box Testing).As an ideal candidate, you will have:

  • Experience on Application Security tools, Integration of testing mechanisms with industry best practices such as the Open Web Application Security Project (OWASP).

  • Knowledge of threat modeling and other risk identification techniques, Knowledge of system security vulnerabilities and remediation techniques.

  • common software vulnerabilities and their mitigation techniques.

  • Knowledge of Configuration and Security logs of Security Firewall and edge Devices.

  • Excellent written and verbal communication skills.

  • Excellent teamwork skills.

  • The ability to evaluate new and emerging security technologies.

Additional acronyms found in this job posting:

  • Anti-DDoS: Distributed Denial of Service

  • API: Application Program Interface

  • ASA: Adaptive Security Appliance

  • FFIEC: Federal Financial Institutions Examination Council

  • FW: Firewall

  • GW: Gateway

  • HAProxy: High Availability Proxy

  • HIPAA: Health Insurance Portability and Accountability Act

  • IAM: Identity and Access Management

  • IPS: Intrusion Prevention System

  • ISO: International Organization for Standardization

  • JunOS: Junos Network Operating System

  • LB: Load Balancing

  • OAuth2 SSO: Open Standard for authorization Single Sign On

  • OpenID: Open Standard and Decentralized Authentication protocol

  • PCI: Payment Card Industry

  • RFP: Request for Proposal

  • SAML: Security Assertion Markup Language

  • SIEM: Security information and event management

  • VPN: Virtual Private Network

  • WAF: Web Application Firewall


2 years' experience with:

  • Firewalls, IPS, VPN and other edge and network security components - Vyatta GW, Fortigate, Checkpoint, Cisco ASA, JunOS FW

  • LB using edge nodes; Install/Configure/ Ops for NetScalar, HAProxy LBs

  • SAML, OAuth2 SSO and OpenID Connect implementations

1 year experience with/in:

  • SIEM like QRadar install, config, operations; QFlow design and integration

  • IAM architecture with IBM and third-party products, integration with application

  • Scripting languages like Python, Ruby-on-Rails, Javascript, building and consuming APIs/micro-services

  • Encryption tools / SW, best practice implementations

  • A role responsible for the understanding of Compliance needs across Industry verticals - PCI, HIPAA, ISO, FFIEC, etc

  • Ethical hacking and Pen testing

  • A client facing role

Client Technical Engagement