Application Security Consultant

4-6 Years
  • Posted 2 days ago

Job Description

Introduction

A career in IBM Consulting is built on long-term client relationships and close collaboration worldwide. You'll work with leading companies across industries, helping them shape their hybrid cloud and AI journeys. With support from our strategic partners, robust IBM technology, and Red Hat, you'll have the tools to drive meaningful change and accelerate client impact. At IBM Consulting, curiosity fuels success. You'll be encouraged to challenge the norm, explore new ideas, and create innovative solutions that deliver real results. Our culture of growth and empathy focuses on your long-term career development while valuing your unique skills and experiences.

Your Role And Responsibilities

As a Security Consultant specializing in Application Security, you will help clients understand and address application security issues, risks, and vulnerabilities through expert analysis and guidance. You will provide consulting services to analyze and resolve security incidents, ultimately supporting clients in achieving a superior security posture. Your primary responsibilities will include:

  • Analyze Security Issues: Conduct interviews, workshops, and assessments to identify application security risks, exposures, and vulnerabilities, and provide recommendations for improvement.
  • Develop Security Strategies: Apply security principles and knowledge of application security technologies, threat models, and DevSecOps concepts to define business drivers and develop associated security strategies, programs, and incident response plans.
  • Resolve Security Incidents: Collaborate with clients to analyze and resolve security incidents, providing expert guidance and support to ensure timely and effective remediation.
  • Provide Remediation Recommendations: Develop and present remediation recommendations and roadmaps to clients, helping them to improve their overall security posture.
  • Deliver Consulting Services: Provide high-quality consulting services, working closely with clients to understand their unique security needs and delivering tailored solutions to meet those needs.

Preferred Education

Master's Degree

Required Technical And Professional Expertise

  • Review and validate results from SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) tools.
  • Audit OS, container, and database scans for vulnerabilities and misconfigurations looking at reports a
  • Assess the effectiveness of hardening measures across application components (e.g., web servers, APIs, containers, databases).
  • Collaborate with application development and DevSecOps teams to ensure remediation of identified issues.
  • Maintain audit documentation, including findings, remediation tracking, and compliance status.
  • Evaluate adherence to secure coding practices and application security policies.
  • Support internal security audits related to application & underlying infrastructure security.
  • Stay updated on emerging threats, vulnerabilities, and secure development trends.

Preferred Technical And Professional Experience

  • Bachelor's degree in Computer Science, Cybersecurity, or a related field.
  • 4+ years of experience in application security, security auditing, or secure software development.
  • Hands-on experience with one or more tools such as SonarQube, Fortify SAST/DAST, Burp Suite, or OWASP ZAP.
  • Strong understanding of OWASP Top 10, secure coding principles, and CI/CD pipelines.
  • Familiarity with container technologies (e.g., Docker, Kubernetes) and cloud platforms (e.g., AWS, Azure, GCP).
  • CREST Certified Pen Tester
  • CISSP or CCSP
  • Certified AWS DevSecOps Professional or equivalent (preferred)
  • Analytical mindset with attention to detail
  • Ability to interpret scan results and prioritize remediation
  • Strong communication and collaboration skills
  • Knowledge of regulatory frameworks (e.g., ISO 27001, PCI-DSS, GDPR)
  • Experience working in Agile and DevOps environments

Job ID: 149129189
