IBM Cybersecurity Vulnerability Analyst - IBM CISO in RESEARCH TRIANGLE PARK, North Carolina

Job Description

The IBM Global Chief Information Security Organization (IBM CISO) is seeking a highly self-motivated leader who is passionate about security and vulnerability management to join the dynamic IBM CISO Vulnerability Management (VM) team.


The Cybersecurity Vulnerability Analyst will implement and enhance IBM’s vulnerability management policies, standards, and processes including existing PSIRT (Product Security Incident Response Team). This role is a part of an exciting fast paced corporate security team. Security is one of IBM's critical pillars and the position offers great visibility.

In this role, you will be part of a fast-paced Agile team collaborating closely with IBM CISO VM solution engineers to drive solutions and proper vulnerability management across all business units to reduce risk to IBM and customers. Successful candidates will be innovative thinkers and possess out-of-the box thinking to improve effectiveness of security teams in an ever-changing environment.


  • Define and document IBM Vulnerability Management policies, standards, and processes

  • Manage real-time security vulnerabilities, conduct assessments, and assess vulnerability risk and impact

  • Lead and coordinate cross-functional teams to handle urgent security vulnerability events

  • Work with third-parties that report vulnerabilities and coordinate resolution

  • Identify, Assess, and Validate vulnerabilities with strong technical understanding of security vulnerabilities to assess impact

  • Manage and drive IBM asset owners to remediate their vulnerabilities within remediation timelines, determine deviations, and escalate when needed

  • Communicate, create, and report vulnerability status and metrics to IBM Executives and Business Unit BISOs stakeholders at all levels

  • Gather user requirements and influence design, development, enhancements of VM tools

  • Drive user community adoption of Vulnerability Management tools and provide support

  • Research information security trends, standards and practices to enhance vulnerability management


  • Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.

  • Ability to share meaningful insights about the context of an organization’s threat environment that improve its risk management posture.

  • Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

  • Skilled in conducting vulnerability scans and recognizing vulnerabilities in security systems; conducting application vulnerability assessments and performing impact/risk assessments.

  • Ability to develop insights about the context of an organization’s threat environment

No remote opportunities exist - Must be able to work onsite in Raleigh, NC

Must have the ability to work in the US without current/future need for IBM sponsorship

Your life at IBM

Impact. Inclusion. Infinence.

Together, these themes provide the foundation of the experiences of all IBMers, and represent the value inherent in a career with IBM.

Our work is truly life changing - from helping to cure diseases, predict weather, to cleaning oceans and beyond.

Our culture of openness, collaboration, trust, invites everyone to have a voice.

Careers are made from experiences. At IBM, those experiences can be diverse, unlimited and far-reaching so you can truly discover your true passion – without ever changing the company.

Required Technical and Professional Expertise

  • At least 4 years experience in vulnerability management best practices, techniques, and tools.

  • At least 4 years experience in identifying, assessing, validating, remediating, and status reporting of vulnerabilities end to end

  • At least 2 years experience in defining and documenting vulnerability management policies, processes, and framework

Preferred Tech and Prof Experience

  • Prior experience with vulnerability management tools such as Qualys, Tenable, Rapid7, etc. and/or process management/issue tracking tools such as IBM Business Process Management (BPM), Jira, etc.

  • Strong leadership, collaboration, communication, and problem solving skills.

  • Knowledge of IT security best practices, standards, techniques

  • Knowledge of industry security frameworks (ISO2700x, NIST, HIPAA, Cloud Security)

  • Agile and DevOps methodologies

  • Demonstrated ability to work in a fast-paced environment with global cross-matrix teams

  • Certified Information Systems Security Professional (CISSP)

EO Statement

IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.