At IBM Infrastructure & Technology we design and operate the systems that keep the world running. From high-resiliency mainframes and hybrid cloud platforms to networking automation and site reliability. Our teams ensure the performance security and scalability that clients and industries depend on every day. Working in Infrastructure & Technology means tackling complex challenges with curiosity and collaboration. You’ll work with diverse technologies and colleagues worldwide to deliver resilient future-ready solutions that power innovation. With continuous learning career growth and a supportive culture IBM provides the opportunities to build expertise and shape the infrastructure that drives progress.
Key responsibilities
- Plan the penetration test
- Select design and create appropriate tools for testing
- Perform the penetration test on computer systems networks web-based and mobile applications
- Document your methodologies findings
- Gather the data intelligence not only from the output of the automated penetration tools but also from information gathered from interaction with product teams previous results threat model and source code scanning inputs.
- Review your findings and feedback to development teams
- Analyse the outcomes and make recommendations for security improvements
- Carry out application network systems and infrastructure penetration tests
- Review physical security and perform social engineering tests where appropriate
- Evaluate and select from a range of penetration testing tools
- Keep up to date with latest testing and ethical hacking methods
- Deploy the testing methodology and collect data
- Report on findings to a range of stakeholders
- Make suggestions for security improvements
- Enhance existing methodology material
Required Professional and Technical Expertise
- Experience – 0 - 1 years in Cybersecurity
- Web Application Testing
- Basic understanding of HTTP Protocol
- HTTP Methods Request/Response Headers Cookies TCP/IP connections over HTTP etc.
- Basic understanding of HTML/JavaScript
- Good Understanding of security vulnerabilities OWASP Top 10 vulnerabilities
- Basic understanding of storage domain
Automated Testing
- Must have knowledge of at least one of ZAP OR BurpSuite scanner. (Good to have knowledge of both the tools.)
- Should be able to configure automated scanner (such as Login sequence manually exploring critical flaws Policy customization scan throttling etc…) to perform successful scan.
- Assessment of scanner results and intelligently identifying false positives from the scan results.
- Knowledge of Burp features mainly Spider Intruder Scanner Repeater and Extender.
Manual Testing.
- Should be able to understand the above mentioned OWASP Top 10 categories to perform manual testing.
- Flaws like Authentication (session management) testing CSRF business logic testing which are not detected by an automated scanner must be identified using manual testing.
- Understanding of the workflow of the application and identifying the entry points to detect possible vulnerabilities.