Security Architect

Introduction
At IBM, work is more than a job – it’s a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you’ve never thought possible. Are you ready to lead in this new era of technology and solve some of the world’s most challenging problems? If so, lets talk.

Your Role and Responsibilities The MultiCloud SaaS Platform (MCSP) is leading a strategic effort directly responsible for development and delivery of foundational components used by IBM Offerings that are moving to be Cloud-native on 3rd party Cloud providers including IBM Cloud, AWS, Azure and GovCloud.

A key element of the MCSP is security looking after the following responsibilities:

• Own security direction working with other teams’ security squads
• Define required architecture to achieve certification and readiness.
• Document requirements for policies, procedures and controls.
• Obtain certifications / readiness for the Platform and Cloud-native offerings
• Primary focal for all internal and external audits
• MCSP focal for all security incidents

You would be responsible for architecting the automated compliance for the SDLC lifecycle ofthe MCSP whilst working with the Compliance and Security teams from IBM SW products.

Required Technical and Professional Expertise

Minimum 3 years of overall experience software development role and background with
the SDLC.
• Experience being part of a team that has delivered on the security and compliance
certifications: ISO27001, PCI, HIPAA, GDPR and SOC-2 compliance.
• Minimum 3 years of experience hardening a software component and participating in a
security audit
• Proficient in Agile methodology with an ability to adapt quickly to changing technology
requirements
• In depth security experience with Security related tools: vulnerability scanners/reporting,
identity and access, security Information & event Management (SIEM), inventory
management, etc
• In depth security experience with Kubernetes / OpenShift clusters
•In depth security experience with Amazon Web Services security

Preferred Technical and Professional Expertise

• AWS Certified Security – Specialty
• Expertise with Go programming language
• Experience with FedRAMP (Moderate/High) & IL4
• Experience around in country data residency regulations