IBM Security Engineer / SME - CISO in Boston, Massachusetts
At IBM, work is more than a job - it's a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you've never thought possible. Are you ready to lead in this new era of technology and solve some of the world's most challenging problems? If so, lets talk.
Your Role and Responsibilities
The CISO Security Innovation and Remediation Team (CISO-SIR) is looking to add a Security Engineer to the team. This position will provide security and technical expertise remediation efforts across the IBM enterprise. This role will work alongside Product, Security Operations, Incident Response, internal security teams and stakeholders to help solve security issues across a wide variety of technical domains.
The right candidate thrives in high-pressure situations, thinks like both an attacker and defender, and has excellent spoken and written communication skills. This role is perfect for someone with a good mix of technical knowledge and a demonstrated background in areas such as networking, infrastructure, development, systems, etc.
This role can cover a wide array of technical disciplines to include:
Security Technologies – Experience and understanding of common security technologies like EDR, NGFW, IDS, SIEM, SOAR, etc. and how they are deployed and utilized.
Private & Public Cloud – Knowledge of the common cloud platforms (e.g. IBM Cloud, AWS, Azure) and how security technologies can be integrated to those platforms.
Automation Tooling – An understanding of tools such as Ansible, Chef, Salt, Terraform, etc. and their use in automation infrastructure.
Operating System – Knowledge of Windows and Linux OS their architectures, etc. will be important as well as an understanding of modern networking structures.
Virtualization – Experience with any of the following: network, hardware, OS, application, cloud virtualization, Type 1 and Type 2 Hypervisors and how best to secure, e.g. hypervisor breakout, detect suspicious activity or OS compromise.
Develop strategies to recover from a security breach, provide security best practices and enhancements to systems, applications, etc.
Work with the various teams across IBM to establish security throughout the SDLC from testing through deployment.
Conduct security and risk assessments of applications, products, infrastructure to include threat modeling, source code review.
Knowledge of the principles, methods to protect information systems and data by ensuring their availability, authentication, authorization, confidentiality and integrity.
A focus of quality control within varied IT environments to ensure that security measures are in place to address threats.
Create and update technical documentation, which details recommendations of security best practices for remediation actions across various domains throughout IBM.
Develop or implement open-source/third-party tools to assist in detection, prevention and analysis of security threats, breaches, etc.
Knowledge of the incident response process, including steps to minimize the impact and then conducting a technical and forensic investigation into how the breach happened and the extent of the damages.
Can work autonomously, or as a member of a larger Remediation Team depending on assignment or specific project requirements.
Attention to detail, the ability to think forward, adept problem-solving skills and proactively addressing issues.
Conducts security architecture reviews and makes recommendations.
Experience and know-how to prevent security exploits, how to detect them.
Ability to discover and recommend mitigations for (OWASP Top 10), e.g. SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities.
Solid understanding of vulnerability management and mitigation approaches.
Demonstrated knowledge of common attacks patterns, exploit techniques, e.g. Mitre Att&ck Framework.
Required Technical and Professional Expertise
7+ years of experience as a Security Engineer or an Engineering role in Networking, Infrastructure, Cloud, Application Development
Experience with Agile Methodology from design to project management
Experience with Incident Response or addressing security breaches, incidents as a member of a Security or Operations team
Experience with forensic analysis of systems, networks, etc.
Experience with IBM Cloud, AWS, Azure or similar proprietary cloud environments
Knowledge of CI/CD and Development Pipelines
Experience with Containerization and Kubernetes are a plus
Or you are self-taught with passion, curiosity and determination to follow every avenue until you find the answer
Preferred Technical and Professional Expertise
Education requirements can vary, a BS in Computer Science, Cyber Security, Engineering, Mathematics, or a BA in a variety of other fields will be considered and are a plus.
A Master’s degree is a plus, like a MIS, or a specialization in another field.
Possible certifications are :
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)
About Business Unit
IBM Corporate Headquarters (CHQ) team represents a variety of functions such as marketing, finance, legal, operations, HR, and more, all working together to solve some of the world's most complex problems, help our clients achieve success and build collaborative work environments for IBMers.
Your Life @ IBM
What matters to you when you’re looking for your next career challenge?
Maybe you want to get involved in work that really changes the world? What about somewhere with incredible and diverse career and development opportunities – where you can truly discover your passion? Are you looking for a culture of openness, collaboration and trust – where everyone has a voice? What about all of these? If so, then IBM could be your next career challenge. Join us, not to do something better, but to attempt things you never thought possible.
Impact. Inclusion. Infinite Experiences. Do your best work ever.
IBM’s greatest invention is the IBMer. We believe that progress is made through progressive thinking, progressive leadership, progressive policy and progressive action. IBMers believe that the application of intelligence, reason and science can improve business, society and the human condition. Restlessly reinventing since 1911, we are the largest technology and consulting employer in the world, with more than 380,000 IBMers serving clients in 170 countries.
For additional information about location requirements, please discuss with the recruiter following submission of your application.
Being You @ IBM
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
- IBM Jobs