IBM Cloud Security Architect in Raleigh, North Carolina

IBM is seeking an experienced and dynamic Cloud Security Architect to work directly with strategic customer accounts and to architect and implement cloud solutions for customers’ infrastructure. An ideal candidate should have excellent technical credentials, extensive experience in cloud security infrastructure design and implementation, excellent communication skills, and professional approach in advising customers to solve their complex cloud security challenges.The Cloud Security Architect is a technical, customer-facing role having paramount impact on customers’ experience with IBM cloud solutions. As a Cloud Security Architect, you will be responsible for ensuring timely responses to customer's Request for Proposals (RFPs) and questionnaires, partner with our product and legal teams to refine service agreements and service descriptions aligned with IBM Cloud security strategy and policiesKey Requirements:

  • Experience building reference architectures and adapting them for enterprise use cases.

  • Understanding of cloud delivery and deployment models and updated of evolving technologies within the organization and across cloud industry.

  • Experience with enterprise security solution design and implementation skills covering Identity and Access Management (IAM), Infrastructure security (network & endpoint), privacy and data security as well as application security.

  • Knowledge of IBM Security Framework and Security Blueprint and experience with IBM Security products.

  • Clear understanding of customer requirements and doing security risk, Threat Analysis as well as must understand the IT regulatory control structures

  • Technical knowledge in routing, firewall policy, Anti-Distributed Denial of Service (Anti-DDoS), Web Application Firewall (WAF), Intrusion Prevention System (IPS), Security Information and Event Management (SIEM), secure credential management, virtualization, service oriented architecture, development practices, operational practices, micro services architecture and database design

  • Experience with doing the security architecture evaluation and to create and follow a process for assessing and auditing security exceptions. Good understanding of the domain to suggest alternatives to customers.

  • Experience with covering security aspects of all development, design and delivery processes for engineering teams to understand and track as well as work closely and influence them to adopt security best practices.

  • Demonstrated good communication skills and a history of running numerous time sensitive projects involving multiple cross-functional teams and background in large scale security oversight.

Additional acronyms listed in this job posting:

  • VPN: Virtual Private Network

  • GW: gateway

  • ASA: Adaptive Security Appliance

  • FW: Firewall

  • JunOS: Junos Network Operating System

  • HAProxy: High Availability Proxy

  • LB: Load Balancing

  • SAML: Security Assertion Markup Language

  • OAuth2 SSO: Open Standard for authorization Single Sign On

  • OpenID: open standard and decentralized authentication protocol

  • QRadar: Security Intelligence Platform

  • QFlow:

  • API: Application Program Interface

  • PCI: Payment Card Industry

  • HIPAA: Health Insurance Portability and Accountability Act

  • ISO: International Organization for Standardization

  • FFIEC: Federal Financial Institutions Examination Council


  • 5 years' experience with Firewalls, IPS, VPN and other edge and network security components - Vyatta GW, Fortigate, Checkpoint, Cisco ASA, Juniper JunOS FW

  • 2 years' experience with LB using edge nodes; Install/Configure/ Ops for NetScalar, HAProxy LBs

  • 5 years' experience with SAML, OAuth2 SSO and OpenID Connect implementations

  • 2 years' experience with SIEM like QRadar install, config, operations; QFlow design and integration

  • 3 years' experience with IAM architecture with IBM and third-party products, integration with application

  • 2 years' experience with Scripting languages like Python, Ruby-on-Rails, Javascript, building and consuming APIs/micro-services

  • 2 years' experience with Encryption tools / SW, best practice implementations

  • 2 years' experience with Understanding of Compliance needs across Industry verticals - PCI, HIPAA, ISO, FFIEC, etc

  • 2 years' experience with Ethical hacking and Pen testing

  • 1 year experience in a client-facing role.

Client Technical Engagement