Security & Compliance Architect

Your Role and Responsibilities IBM Security Architects come from many far-ranging disciplines; from networking, system administration, DevSecOps, system engineering, sys admins, security analysts, or software development leaders. IBM Cloud Security architects can come from highly skilled admins with experience across the datacenter and Cloud. Are you ready to take your years of skills and experience with Linux, containers, networking, system based security measures, and enterprise tools and bring that experience to designing and architecture work. Have you seen the impacts of intrusions, dealt with the months long deployments of security tools and the impacts of those deployments? IBM Cloud Security Architects is where you can apply those experiences to create the architecture and designs to thwart the next round of attackers. Required Technical and Professional Expertise

Minimum 10 + years of experience is required

Perform architecture security reviews and provide defense in depth controls and consulting on securing SaaS, PaaS, or IaaS cloud services.

Collaborate with other Security Architects on design, develop, research, and implement security architectures and process enhancements.

Lead security initiatives and principles toward adoption within the organization.

Experience performing threat modeling and design reviews to assess security implications and requirements for introduction of new technologies, services, solutions, and knowledge of security industry best-practices.

Working knowledge of information security controls, guidelines, and standards (e.g., ISO27000 series, OWASP, CSA CCM, CIS 20 Critical Security Controls, SOC 2, and NIST).

Experience with a range of security technologies, processes and tooling around vulnerability management, container security, web application security, secure network design, identity and access management, database security, authentication methods, logging, security testing, cryptography, secure storage design, and data protection.

Professional experience with modern technologies such as public and hybrid cloud (IBM, AWS, GCP, Azure, etc.), containerization and orchestration (Kubernetes), & microservice architectures.

Optional skills

Experience on patching and benchmarking (CIS L1 for example) automation via in-house scripting or enterprise tooling.

Experience as an admin or superuser on Security Tools such as:SIEMs, SOAR platforms, vulnerability scanning, DAST, SAST, Privileged ID mgmt., AuthZ solutions, enterprise logging analysis, EDR, any zero trust tools (otherwise known as trusted execution or application whitelisting).

Experience with provisioning & provision automation in AWS, Azure, IBM Cloud, Oracle, or Google Cloud (experience can be with compute nodes, storage, database, any of the â"as a Serviceâ" offerings, integration with on-prem systems for Hybrid cloud, or bare metal systems).

Red Team (White hat) pen tester team experience (Kali, Cobalt Strike, Nmap, BurpSuite, etc.).

Experience with secure coding practices and testing to prevent and avoid attacks, such as, http state handling, XSS, OWASP Top 10 risks/vulnerabilities/solutions and frameworks, etc.

Proficient in software design and at least one or more programming languages (Python preferred with 2-4 years of experience).

Technical expertise throughout the software development lifecycle including design, implementation, and delivery (DevOps processes in a Cloud environment).

Preferred Technical and Professional Expertise

Bachelor's or master's degree in computer science, information security or a related field; professional certification (e.g., CISSP, CCSP).

FedRAMP experience or knowledge.

Soft skills- excellent written and verbal communication, explaining vulnerabilities, writing internal guidance documents, coordinating with other teams.

10 years' experience with Security Architecture and/or Engineering required.