From consultancy and client selling to architecting and implementing a solution, a Security role with IBM has a very diverse remit.
This increased diversity brings with it great challenges and opportunities.
Working for IBM you'll be dealing with end-to-end security, with an incredibly varied portfolio that aims to provide and deliver a holistic approach for Security Services.
This promises a fast-paced environment with innovative thinking right at its heart, with a broad range of industries and challenges on offer. IBM Security Services has a global security team of professionals, and we're expanding our services to meet the increase in demand we are seeing across all sectors of industry. It also has some world leading capability and services from the IBM Institute for Advanced Security and the X-Force team to leading products and services. IBM Security Services works alongside IBM Security Systems who have a portfolio of industry leading security software products across many areas, including QRadar and IBM Security Identity and Access Management.
Consultants in Security Services practice should be advisors and pragmatic management consultants that can speak to the security landscape with senior and C-Level members of a client management or executive teams. The Senior Managing Consultants should have depth of knowledge and experience in one of the core security domains (Security Strategy Risk and Compliance; IAM; SOC Operations; Application and Data; Infrastructure Endpoint and Mobile Security) but should be able to speak to the breadth of the Information Security/ Cyber Security or/ and Technology Risk landscape as well.
Required Technical and Professional Expertise
- An understand of contemporary and legacy security technologies used within a particular domain (e.g. Firewalls, IDS, Firewalls, SIEM)
- Understanding of compliance issues (ISO 27001, SSAE 16, COBIT) and Regulatory requirements.
- Information Security Management Principles - A fundamental understanding of ISMS Principles is expected covering an understanding Disaster Recovery, Access Controls, Authentication, Audit, Governance, Risk Management, Security Architecture, Systems Development.
- IT Systems - A fundamental understanding of IT Systems and Services covering Virtualization, Mainframes, Cloud Services, Hosting Services, Desktop.
- Systems Development - A fundamental understanding of IT Systems Development.
- Networking Technologies - An understanding of the fundamentals of IT networking technologies, the basic building blocks used and how they support a secure architecture.
Preferred Tech and Prof Experience
- Understanding of log formats for syslog, http logs, DB logs and how to gather forensics for traceability back to a security event
- Knowledge of security devices such as IDS/IPS, HIDS/HIPS, anomaly detection, Firewall and Antivirus systems and their log output
- Network forensics: network traffic protocols, traffic analysis (i.e. Network flows and PCAP), intrusion detection.
- Working knowledge of SIEM tools (such as RSA, Arcsight, Splunk and Qradar)
- Information Security Management (i.e. CISSP, CISM, CISA)
- Advise and define organizations Security Strategy and Transformation
- Risk Management and Technical Risk Assessment (i.e. ISO27005 Tools and techniques)
- Information Security Management Systems (i.e. ISO27001/ISO27002)
- Program and Project Governance/Management (i.e. PMP)
- Audit and Compliance Assessments (i.e. SOX, PCI-DSS, SCADA)
- The ability to advise on Security and Privacy, with an understanding of the impact of Local and EU privacy laws
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
Back to top