Department Summary: The CISO/IT Risk organization, led by IBM’s Chief Information Security Officer, is responsible for the design, implementation and reporting of IBM’s internal global information security program, including identification, protection, detection and response, all delivered from a risk-based perspective.
Position Description: The successful candidate for this position will be part of the Proactive Testing & Prevention Team and will be directly responsible for the dynamic team that delivers application security and ethical hacking capabilities to continuously protect IBM.
Role: As the Leader of the Manual Testing team, you will lead an elite team of ethical hackers who are responsible for identifying vulnerabilities in one of the largest and most challenging environments in the world.
To qualify for this position, you must have a proven track record of delivering results and successfully leading skilled penetration testers.
• Lead a team of application security and penetration testing professionals in applying relevant and proven techniques in mobile, web and application security
• Assist in the development and implementation of an enterprise bug bounty program
• Impart application security and ethical hacking subject matter expertise into team processes
• Drive improvements in the security testing practice to include execution methodology and metrics
• Define metrics to accurately convey team performance and measure against goals
• Ensure team deliverables are appropriately integrated into risk management lifecycle processes
• Partner effectively with development and infrastructure teams to integrate security
• Effectively communicate technical issues to non-technical leaders
• Apply analytical thinking to multiple engagements simultaneously
• Provide mentorship and coaching to grow associates’ technical and professional development skills
Work Locations available: Chicago, IL, Schaumburg, IL, Raleigh, NC or Armonk, NY
Required Technical and Professional Expertise
• Minimum 4-6 years of professional experience in application security, penetration testing, security assessment, secure software development or related field
• Minimum 2-4 years of supervisory leader experience
• Experience with vulnerability risk and impact assessment
• Experience integrating security capabilities in cloud and application lifecycle management platforms
• Extensive knowledge of the OWASP Top 10
• Extensive knowledge of the secure development lifecycle
• Excellent written and verbal communication skills
• Strong sense of urgency and ownership
Preferred Technical and Professional Experience
• Supervisory experience leading application security professionals and ethical hackers
• Experience exploiting web, mobile and application security vulnerabilities
• 4 to 6 years of supervisory experience leading Information Security professionals with an application security emphasis
• Experience in software development
• Experience integrating secure coding techniques with product teams
• Experience leading distributed teams in a global company
• Professional certifications such as CISSP, CISM, OSCP and CEH
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.