At IBM CIC we provide technical and industry expertise to a wide range of public and private sector clients in the UK.
A career in IBM CIC means you’ll have the opportunity to work with leading professionals across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. You will get the chance to deliver effective solutions driving meaningful business change for our clients using some of the latest technology platforms.
Curiosity and a constant quest for knowledge serve as the foundation to success here. You’ll be encouraged and supported to constantly reinvent yourself focusing on skills in demand in an ever changing market. You’ll be working with diverse teams coming up with creative solutions which impact a wide network of clients who may be at their site or one of our CIC or IBM locations. Our culture of evolution centres on long-term career growth and development opportunities in an environment that embraces your unique skills and experience.
We offer :
- Many training opportunities from classroom to e-learning mentoring and coaching programs and the chance to gain industry recognized certifications
- Regular and frequent promotion opportunities to ensure you can drive and develop your career with us
- Feedback and checkpoints throughout the year
- Diversity & Inclusion as an essential and authentic component of our culture through our policies and process as well as our Employee Champion teams and support networks
- A culture where your ideas for growth and innovation are always welcome
- Internal recognition programs for peer-to-peer appreciation as well as from manager to employees
- Tools and policies to support your work-life balance from flexible working approaches sabbatical programs paid paternity leave maternity leave and an innovative maternity returners scheme
- More traditional benefits such as 25 days holiday (in addition to public holidays) private medical dental & optical cover online shopping discounts an Employee Assistance Program life assurance and a group personal pension plan of an additional 5% of your base salary paid by us monthly to save for your future.
In this role you'll work in one of our IBM Consulting Client Innovation Centers (Delivery Centers) where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world. Our delivery centers offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology.
As a Security Consultant specializing in Data and Application Security you will help clients secure their applications and sensitive information across the full development and data lifecycle. You will guide organizations through application security challenges embedding controls into design build and deployment phases while leveraging practices such as Threat Modelling Secure SDLC and DevSecOps. With expertise in vulnerability management data protection and regulatory compliance you will design security guardrails that support application modernization programs in multicloud environments ensuring risks are minimized and business objectives are achieved securely.
Responsibilities
- Provide advisory and technical expertise on application security across the Software Development Lifecycle (Design Build Deploy).
- Lead activities such as Threat Modelling Secure SDLC integration DevSecOps practices and application security testing.
- Implement security guardrails to support secure application modernization on multicloud platforms.
- Drive application vulnerability management analyzing high-risk vulnerabilities reducing false positives and developing effective mitigation plans.
- Apply data protection techniques including encryption masking and anonymization to safeguard sensitive information.
- Define and enforce data classification and lifecycle management policies ensuring security across all stages of data handling.
- Advise clients on regulatory requirements (e.g. GDPR HIPAA CCPA) and align security programs to meet compliance obligations.
- Strengthen database security through access management auditing and patch control.
- Integrate with SIEM platforms to monitor analyze and respond to potential data and application security incidents.
- Collaborate with development and infrastructure teams to embed security seamlessly into business processes and IT solutions.
- Strong experience in application security domains including Threat Modelling Secure SDLC DevSecOps and security testing.
- Knowledge of data protection methods: encryption (at rest/in transit) masking anonymization.
- Hands-on experience with Data Loss Prevention (DLP) tools and strategies.
- Proficiency in database security controls including access auditing and patch management.
- Familiarity with SIEM platforms for monitoring and analysis of data/application security events.
- Understanding of data classification principles and lifecycle management practices.
- Knowledge of privacy regulations (GDPR HIPAA CCPA) and ability to align security programs to compliance.
- Strong grasp of security frameworks such as NIST ISO 27001 and CIS Critical Security Controls.
As an equal opportunities’ employer we welcome applications from individuals of all backgrounds. However for you to be eligible for this role you must have the valid right to work in the UK. Unfortunately we do not offer visa sponsorship and have no future plans to do so. You must be a resident in the UK and have been living continuously in the UK for the last 2 years. You must be able to hold or gain a UK government security clearance.
- Experience embedding security guardrails in application modernization programs across hybrid/multicloud environments.
- Proficiency with automation tools and pipelines supporting DevSecOps practices.
- Certifications such as CSSLP CISSP CISM CCSP or equivalent.
- Strong consulting experience with the ability to translate complex security challenges into actionable recommendations for development and business stakeholders.
- Experience in designing and managing enterprise-wide data governance frameworks.