IBM

Consulting Security Engineer - DevSecOps Professional Washington, US

IBM, Washington, District of Columbia, US, 20022


Introduction

Information and data are some of the most important organizational assets in today’s businesses. As a Security Consultant, you will be a key advisor for IBM’s clients, analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client's organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.

Your Role and Responsibilities

The DevSecOps Security Engineer will support dynamic and static analysis (DAST and SAST) of code for multiple applications using Fortify and work across technical teams to support the remediation of findings. The DevSecOps Security Engineer will support a large team of infrastructure, security and application staff during migration of on-prem and cloud applications to the client Azure Government enclave. The security engineer will configure, operate and maintain security code scanning tools (Fortify). The engineer will provide support for the security assessment and authorization / ATO process and for security audits.

Required Technical and Professional Expertise

- 5+ years experience supporting secure DevSecOps practices using FORTIFY
- 5+ years experience running Dynamic and Static Application Security Testing (SAST)
- 5+ years experience working with source version control, build/release tools and methodologies
- 5+ years experience with CI/CD pipelines
- 5+ years experience with the software build process
- 5+ years experience supporting backups and disaster recovery
- 5+ years experience maintaining access control and the integrity of data throughout the platform
- 5+ years experience designing, developing, evaluating and modifying systems and systems-oriented products
- 5+ years experience configuring, deploying, maintaining and optimizing security code scanning tools (Fortify)
- Work with the development and infrastructure teams to remediate findings
- Perform Cyber Supply Chain Risk Management (C-SCRM) activities, including configuring, deploying and maintaining the SCRM tool (Mend) and analyzing reports
- Support the Security Assessment and Authorization / ATO process
- Bachelor's degree and a minimum of 5 years experience. Additional years of experience may be accepted in lieu of the degree
- Ability to acquire a Public Trust background investigation
- Certified in industry-recognized areas such as CISSP, CISA, or CISM
- Familiarity with NIST 800-53, FISMA, FedRAMP

Preferred Technical and Professional Expertise

- Excellent organization, collaboration, project management, and team leadership skills
- Strong communication skills and experience creating and delivering compliance status and metrics briefings to senior leadership
- 2+ years experience executing security compliance in multi-cloud or DevSecOps environments
- 2+ years experience coordinating across security, IT operations, audit, and development groups to achieve security outcomes
- Security certification in one or more cloud environments (Azure, AWS, Google...)
