IBM is seeking an experienced and dynamic Cloud Security Architect to work directly with strategic customer accounts and to architect and implement cloud solutions for customers’ infrastructure. An ideal candidate should have excellent technical credentials, extensive experience in cloud security infrastructure design and implementation, excellent communication skills, and professional approach in advising customers to solve their complex cloud security challenges.The Cloud Security Architect is a technical, customer-facing role having paramount impact on customers’ experience with IBM cloud solutions. As a Cloud Security Architect, you will be responsible for ensuring timely responses to customer's Request for Proposals (RFPs) and questionnaires, partner with our product and legal teams to refine service agreements and service descriptions aligned with IBM Cloud security strategy and policiesKey Requirements:
Experience building reference architectures and adapting them for enterprise use cases.
Understanding of cloud delivery and deployment models and updated of evolving technologies within the organization and across cloud industry.
Experience with enterprise security solution design and implementation skills covering Identity and Access Management (IAM), Infrastructure security (network & endpoint), privacy and data security as well as application security.
Knowledge of IBM Security Framework and Security Blueprint and experience with IBM Security products.
Clear understanding of customer requirements and doing security risk, Threat Analysis as well as must understand the IT regulatory control structures
Technical knowledge in routing, firewall policy, Anti-Distributed Denial of Service (Anti-DDoS), Web Application Firewall (WAF), Intrusion Prevention System (IPS), Security Information and Event Management (SIEM), secure credential management, virtualization, service oriented architecture, development practices, operational practices, micro services architecture and database design
Experience with doing the security architecture evaluation and to create and follow a process for assessing and auditing security exceptions. Good understanding of the domain to suggest alternatives to customers.
Experience with covering security aspects of all development, design and delivery processes for engineering teams to understand and track as well as work closely and influence them to adopt security best practices.
Demonstrated good communication skills and a history of running numerous time sensitive projects involving multiple cross-functional teams and background in large scale security oversight.
Additional acronyms listed in this job posting:
VPN: Virtual Private Network
ASA: Adaptive Security Appliance
JunOS: Junos Network Operating System
HAProxy: High Availability Proxy
LB: Load Balancing
SAML: Security Assertion Markup Language
OAuth2 SSO: Open Standard for authorization Single Sign On
OpenID: open standard and decentralized authentication protocol
QRadar: Security Intelligence Platform
API: Application Program Interface
PCI: Payment Card Industry
HIPAA: Health Insurance Portability and Accountability Act
ISO: International Organization for Standardization
FFIEC: Federal Financial Institutions Examination Council
5 years' experience with Firewalls, IPS, VPN and other edge and network security components - Vyatta GW, Fortigate, Checkpoint, Cisco ASA, Juniper JunOS FW
2 years' experience with LB using edge nodes; Install/Configure/ Ops for NetScalar, HAProxy LBs
5 years' experience with SAML, OAuth2 SSO and OpenID Connect implementations
2 years' experience with SIEM like QRadar install, config, operations; QFlow design and integration
3 years' experience with IAM architecture with IBM and third-party products, integration with application
2 years' experience with Encryption tools / SW, best practice implementations
2 years' experience with Understanding of Compliance needs across Industry verticals - PCI, HIPAA, ISO, FFIEC, etc
2 years' experience with Ethical hacking and Pen testing
1 year experience in a client-facing role.
Client Technical Engagement