Security Consultant

Introduction

At IBM CIC, we deliver deep technical and industry expertise to a wide range of public and private sector clients in the UK.

A career in IBM CIC means you'll have the opportunity to work with visionaries across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. Your ability to accelerate impact and make meaningful change for your clients is enabled by our strategic partner ecosystem and our robust technology platforms across the IBM portfolio.

Curiosity and a constant quest for knowledge serve as the foundation to success here. You'll be encouraged to challenge the norm, investigate ideas outside of your role, and come up with creative solutions which impact a wide network of clients, whom may be at their site or one of our CIC or IBM locations. Our culture of evolution centres on long-term career growth and development opportunities in an environment that embraces your unique skills and experience.

We offer:

• Many training opportunities from classroom to e-learning, mentoring and coaching programs and the chance to gain industry recognized certifications
• Regular and frequent promotion opportunities to ensure you can drive and develop your career with us
• Feedback and checkpoints throughout the year
• Diversity & Inclusion as an essential and authentic component of our culture through our policies and process as well as our Employee Champion teams and support networks
• A culture where your ideas for growth and innovation are always welcome
• Internal recognition programs for peer-to-peer appreciation as well as from manager to employees
• Tools and policies to support your work-life balance from flexible working approaches, sabbatical programs, paid paternity leave, maternity leave and an innovative maternity returners scheme
• More traditional benefits, such as 25 days holiday (in addition to public holidays), online shopping discounts, an Employee Assistance Program, a group personal pension plan of an additional 5% of your base salary paid by us monthly to save for your future.

• Data Loss Prevention (DLP),
• Cloud Access Security Brokers (CASB),
• Data Access Governance (DAG),
• Data-at-rest encryption,
• PKI (Public Key Infrastructure) key management,
• Q-Safe services.

• Leading threat modelling workshops with cross-functional teams to identify potential security risks early in the software development lifecycle and recommending effective mitigation strategies.
• Designing and implementing security testing (SCA, SAST, DAST) as part of the DevSecOps pipeline to identify and remediate vulnerabilities at every stage of the development process.
• Designing and implementing IaC security solutions to ensure secure provisioning, configuration, and continuous monitoring of infrastructure as code.
• Implementing and securing cloud-native environments with CNAPP and CSPM, focusing on application security and cloud posture management.
• Designing and deploying PKI solutions for secure key management, including key generation, key ceremonies, and certificate management. Master key ceremony experience is highly valued, specifically for secure key generation and lifecycle management, ensuring that root or master keys are securely generated, stored, distributed, and rotated, in compliance with stringent security protocols and best practices.
• Applying DLP, CASB, and DAG technologies to ensure strong governance, data access control, and protection against data leakage.
• Ensuring workload protection across containerized applications, microservices, and virtualized environments to maintain runtime security.
• Implementing data-at-rest encryption and Q-Safe solutions to secure stored data and manage cryptographic keys throughout their lifecycle.

• DevSecOps: Strong focus on integrating security into the software development lifecycle, automating security practices into CI/CD pipelines, and ensuring seamless collaboration between security and development teams.
• Experience with automated SCA (Software Composition Analysis), SAST (Static Application Security Testing), and DAST (Dynamic Application Security Testing) to identify vulnerabilities early and throughout development.
• Application Security: Proficiency in application security testing, including white-box and gray-box testing methodologies. Strong experience in DevSecOps engineering, securing cloud-native and on-premises applications, and managing runtime protection.
• Infrastructure as Code (IaC) Security: Expertise in securing IaC (Infrastructure as Code) configurations, ensuring secure provisioning, configuration management, and continuous monitoring of infrastructure.
• Cloud-Native Application Protection Platform (CNAPP): Securing cloud-native applications, microservices, containers, and Kubernetes environments by identifying and mitigating vulnerabilities and misconfigurations across the application lifecycle.
• Cloud Security Posture Management (CSPM): Utilizing CSPM tools to ensure proper configuration and compliance with security policies across cloud environments (AWS, Azure, GCP).
• Workload Protection: Ensuring runtime security for applications, containers, and infrastructure, focusing on protecting workloads from vulnerabilities, threats, and attacks in both cloud and on-prem environments.
• Data Security (DLP, CASB, DAG, PKI): Knowledge of Data Loss Prevention (DLP) solutions to prevent unauthorized data access or leakage, CASB for securing cloud applications, and Data Access Governance (DAG) for managing access to sensitive data.
• Proficiency in PKI architecture and key management, including the management of cryptographic keys, key ceremonies, and other related key management processes.
• Data-at-Rest Encryption & Key Management: Expertise in implementing data-at-rest encryption strategies, ensuring the protection of stored data, and managing key management solutions for encryption keys throughout their lifecycle.
• Knowledge of Q-Safe for securing sensitive data and cryptographic key management.

• extensive experience in PKI architecture
• key management
• master key ceremonies for the secure generation, storage
• handling of cryptographic keys.

• Hands-on experience with DevSecOps tools and technologies, including security scanning, code analysis, container security, and cloud security best practices.
• Prisma Cloud: Experience with Prisma Cloud is highly preferred, as it provides comprehensive cloud-native security, including cloud security posture management (CSPM), Cloud-Native Application Protection Platform (CNAPP), and workload protection capabilities.
• Familiarity with Prisma Cloud to secure the full application lifecycle, from code to cloud, is essential.
• Palo Alto Networks: Experience with Palo Alto security tools, including Palo Alto Firewalls, Prisma Cloud, and Cortex XSOAR, for cloud and network security is highly desirable.
• DLP (Data Loss Prevention): Proficiency in implementing DLP solutions to prevent the leakage of sensitive data across endpoints, networks, and cloud environments.
• CASB (Cloud Access Security Broker): Experience with CASB solutions to control and monitor user activities across cloud services, ensuring secure cloud application usage and preventing unauthorized access or data leaks.
• DSPM (Data Security Posture Management): Familiarity with DSPM tools to assess, monitor, and improve the security posture of data across cloud environments, ensuring compliance and minimizing risks related to sensitive data exposure.
• Data Classification Tools: Experience with data classification tools to categorize and tag sensitive data, ensuring proper access controls and governance for data security.
• Familiarity with CI/CD tools like Jenkins, GitLab, or GitHub Actions for integrating security practices.
• Knowledge of SCA (Software Composition Analysis), SAST (Static Application Security Testing), and DAST (Dynamic Application Security Testing) tools for automating code security checks and vulnerability scanning.
• IaC security tools such as Terraform, AWS CloudFormation, or Ansible to automate secure infrastructure deployment and configuration.
• Experience with container security tools like Aqua Security, Twistlock, or Anchore, and managing security for Kubernetes clusters.
• Hands-on experience with DevSecOps tools and frameworks, ntegrating security into CI/CD pipelines and automated workflows.
• Proficiency in cloud-native security tools and services (e.g., Prisma Cloud, Palo Alto, CNAPP, CSPM, IaC security).
• Strong application security skills, including static and dynamic application testing, as well as real-time protection for cloud-based applications.
• Master key ceremony experience, along with a deep understanding of PKI architecture, cryptographic key management, and best practices for secure key generation and lifecycle management.
• Deep knowledge of data protection, encryption standards, Q-Safe, and PKI systems, ensuring compliance and governance across both application and data security.