IBM Global Security - Application Security Consultant in Washington, District Of Columbia

Job Description

The Global Security Consultant in the global practice should be an advisor and pragmatic management consultant who can speak to the security landscape and communicate effectively with senior members of a client's management and/or executive teams. The consultant should have a depth of knowledge and experience in Application Security but should, at some level, also be able to speak to the breadth of the security landscape. The successful candidate will perform application security assessments, code reviews, and Software Development Life Cycle (SDLC) security consulting in a customer environment. The candidate will be responsible for identifying specific and systemic security issues within applications and the application development and lifecycle maintenance process. The consultant will also be a resource for the client in establishing and expanding the base of client knowledge in the area of application security.

Core Consulting:

  • Effective communication and presentation skills

  • The ability to lead large groups and be a primary facilitator

  • Demonstrated written skills

  • Comfortable working in a project based / client serving model

  • Ability to lead and shape client expectations

  • Help drive pursuits and engage in complex deals, matching outcomes to expectations

  • Ability to work easily with diverse and dynamic teams

  • Ability to work in a matrix management model

  • Preference for candidates with secondary language skills

Projects may include:

  • Performing application vulnerability and security assessments

  • Performing application security risk assessments

  • Performing code review across a variety of programming languages

  • Performing assessments of SDLC processes

  • Performing threat modeling

  • Developing testing scripts and procedures

  • Developing and delivering application security training and outreach

  • Creating gap analysis and client improvement program recommendations

  • Other security-related projects that may be assigned according to skills

  • Candidates must have demonstrated experience in successfully completing tasks and delivering professionally written reports for clients.

  • Must have the ability to present findings to technical staff and executives.

A successful candidate will likely possess some or all of these qualifications as well:

  • Application security experience with major programming languages (e.g., Java, C, C++, .NET (C#, VB))

  • Experience leading software development projects

  • Experience with threat modeling and security risk assessments

Required Technical and Professional Expertise

  • At least 3 years of experience working on projects related to Application Security

  • At least 5 years of experience in IT and / or software development

  • Experience in application code review methods and standards

  • Experience in application development and coding

  • Experience in OWASP Top 10 vulnerabilities, tools and methodologies

  • Experience in and an understanding of the HTTP protocol and web programming

  • Experience in common application security requirements

  • Experience in standard Software Development Life Cycle (SDLC) practices

  • Experience working across diverse teams to facilitate solutions

  • Self-motivated individual with the ability to work in a high-achieving team and independently.

  • Readiness to travel 75% annually, including international travel

Preferred Technical and Professional Experience

  • Master's Degree

  • At least 5 years of experience in management consulting and systems integration

  • At least 5 years of experience in Application Security

  • At least 7 years of experience in IT and / or software development

  • Experience with web application development

  • Familiarity with vulnerability scanning tools (e.g., Qualys, Nessus, Nexpose, SAINT)

  • Familiarity with web application vulnerability scanning tools (e.g., IBM AppScan, HP WebInspect, Acunetix, NTOSpider, Burp Suite Pro)

  • Familiarity with static analysis tools (e.g., IBM AppScan Source, HP Fortify)

  • Familiarity with interactive and automated penetration testing

  • Experience working in an international deployment role

  • Experience working with security consulting teams

  • Certified in CISSP, CEH, and/or CSSLP

EO Statement

IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.