Application Security Architect

The Security Architect role focuses on the design of business-driven Information Technology solutions to meet security requirements related to function, protection, assurance, risk management and compliance.

Your Role and Responsibilities

The scope of work includes:
(1) the collection and validation of requirements,
(2) the identification of risks, threats, vulnerabilities, potential anomalous flows and interactions,
(3) the definition of the security processes for assurance, management and compliance,
(4) the definition of security subsystems, and
(5) the design of integration and deployment architectures for security in networks, infrastructure, middleware, applications and systems & service management systems.

Depending on the area of work, the Security Architect may perform evaluation and selection of the components, design of hardware, software, process and service components of the solution, assurance of deployment architectures, and guidance of secure engineering practices in development. The employee focuses on individual/team/department/operational objectives.

  • Environment: Professional knowledge related to incumbent's department or function.
  • Communication/Negotiation: Engaged as an independent professional. Ability to articulate and compare alternative approaches. Negotiate with specified objectives.
  • Problem Solving: Recognize problems related to project objectives. Creativity and judgment applied to professional, technical, or operational problems. Independently generates solutions, based on analytical skills & business knowledge. Challenge the validity of given procedures and processes to enhance and improve or develop complementary adjustments/solutions.
  • Contribution/Leadership: Works on special projects, or leads small teams, or manages routine technical/operational activities or departments (national or international). Understands departmental mission and vision. Provides advice in technical/operational domain of specialization. Generally, controls own work priorities and methods requiring tradeoffs.
  • Impact on Business/Scope: Accountable for individual or team, or department results, and for the impact of the results on functional activities. Participates in overall departmental program planning. Contributes by supporting activities that are subject to business measurements, impact customer satisfaction, or impact immediate costs or expenses.
The role will be responsible for improving the application security stance of the organization; building, integrating, and supporting tooling for the automation of tasks; and assisting with compliance audits.

Improve application security stance of the organization
• Static source code analysis
• Vulnerability testing
• Code reviews
• Improve the secure software development lifecycle
• Verifying vulnerabilities in web applications
• Identifying solutions and validating remediation of web application vulnerabilities

Building tools and automating tasks to assist security teams
• Build tools for SOC analysts, malware team, penetration testers, and compliance
• Assist with the maintenance of asset list
• Create tools for SOC reporting and metrics


Required Technical and Professional Expertise

• Computer Science or related degree or equivalent work experience
• Proficient understanding of at least 5 of the OWASP Top 10. Able to give examples
• Proficiency with at least one programming language and web application framework
• Understanding of core programming concepts and software design patterns
• Experience working with a variety of APIs
• Soft skills - good written and verbal communication, explaining vulnerabilities, writing reports, coordinating with other teams
• Ability to work with a geographically diverse team

Preferred Technical and Professional Expertise
• Experience performing vulnerability assessments on source code and live web applications
• Experience performing code reviews
• Experience with compliance frameworks: PCI, ISO27001, HIPAA, FedRAMP, SOC2, etc.
• Experience building enterprise level web applications
• Experience with PHP, Python, and Go web applications
• Experience creating and utilizing SOAP and REST APIs
• Experience with QRadar, Resilient, JIRA, FireEye, IBM AppScan, Verodin, Demisto, Security Center
• Experience building automation software
• Security certifications
• Participation in security conferences

About Business Unit
Digitization is accelerating the ongoing evolution of business, and clouds - public, private, and hybrid - enable companies to extend their existing infrastructure and integrate across systems. IBM Cloud provides the security, control, and visibility that our clients have come to expect. We are working to provide the right tools and environment to combine all of our client's data, no matter where it resides, to respond to changing market dynamics.

Your Life @ IBM
What matters to you when you're looking for your next career challenge?

Maybe you want to get involved in work that really changes the world? What about somewhere with incredible and diverse career and development opportunities - where you can truly discover your passion? Are you looking for a culture of openness, collaboration and trust - where everyone has a voice? What about all of these? If so, then IBM could be your next career challenge. Join us, not to do something better, but to attempt things you never thought possible.

Impact. Inclusion. Infinite Experiences. Do your best work ever.

About IBM
IBM's greatest invention is the IBMer. We believe that progress is made through progressive thinking, progressive leadership, progressive policy and progressive action. IBMers believe that the application of intelligence, reason and science can improve business, society and the human condition. Restlessly reinventing since 1911, we are the largest technology and consulting employer in the world, with more than 380,000 IBMers serving clients in 170 countries.

Location Statement
IBM will not be providing visa sponsorship for this position now or in the future. Therefore, in order to be considered for this position, you must have the ability to work without a need for current or future visa sponsorship.

Being You @ IBM
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
