Security Software Engineer

Introduction
Since our founding IBMers have been driven by a singular purpose. Making an impact on each other our clients and the world we strive to Be Essential. By developing trust and personal responsibility in all relationships IBMers around the world have focused on innovation that matters to the world and have dedicated themselves to every client’s success by focusing and believing in our core values.

IBM is seeking a qualified Penetration Tester to join its collaborative and energetic Red Team. This position will reside in the IBM Public Cloud organization providing penetration testing services and performing red team assessments against IBM Public Cloud offerings. IBM Public Cloud serves hundreds of clients every day to drive their success in both the Federal and Commercial sectors.

As a Penetration Tester you will work closely with multiple departments including development architecture and compliance to perform security testing against various system(s) and application(s). You will assist in the development and planning of remediation strategies to mitigate identified risks and vulnerabilities.

Your Role and Responsibilities

• Develop a deep technical understanding of IBM Public Cloud offerings and infrastructure
• Plan and perform red team exercises against various cloud offerings
• Plan and perform full stack security tests against various system(s) and application(s) independently as well as within a team
• Engage in security monitoring and visibility improvement activities across the IBM Public Cloud organization
• Thoroughly document techniques tactics and proof of concepts used during security testing and red team exercises
• Research and continuously improve skills in attacker tools methods and techniques
• Lead by example for the greater red team in professionalism communication and technical expertise

Required Technical and Professional Expertise

• 3+ years of demonstrating experience in planning and executing penetration tests/red team exercises against web applications containers APIs network devices databases operating systems and various cloud technologies
• Demonstrates strong understanding of offensive cybersecurity operations and defensive integrations including enumeration and exploitation of various cloud-based technologies and development of secure applications.
• Demonstrates strong ability to communicate highly technical aspects to Executives and IT staffs respectively
• Demonstrates ability by creating custom tools for penetration testing and contributing to opensource technologies
• Demonstrates strong experience with various scripting languages (Python Ruby Bash etc.)
• Nice to Possess one or more of the following credentials: CEH eJpt OSCP OSCE OSWE GWAPT GPEN GXPN CRTP Crest Penetration Certification.
• Familiarity with serverless services containerization and other cloud technologies
• Strong familiarity with OWASP Top Ten NIST and MITRE ATT&CK
• 3+ years of demonstrating experience in system or application administration role(s)

Preferred Technical and Professional Expertise

• 3+ years of demonstrating experience in planning and executing penetration tests/red team exercises against web applications containers APIs network devices databases operating systems and various cloud technologies
• Understanding of offensive cybersecurity operations and defensive integrations including enumeration and exploitation of various cloud-based technologies and development of secure applications.
• Expertise in developing exploits and customized attack tooling and approaches
• Demonstrated security research leading to bug bounty and CVE awards
• Deep understanding of serverless services containerization and other cloud
• technologies
• Demonstrates strong experience with various scripting languages (Python Ruby Bash etc.)
• Good to have one or more of the following credentials: CEH eJPT OSCP OSCE OSWE GWAPT GPEN GXPN CRTP Crest Penetration Certification.
• Familiarity with serverless services containerization and other cloud technologies
• Strong familiarity with OWASP Top Ten NIST and MITRE ATT&CK
• 3+ years of demonstrating experience in system or application administration role(s)