Security specialist

Introduction
At IBM, work is more than a job – it’s a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you’ve never thought possible. Are you ready to lead in this new era of technology and solve some of the world’s most challenging problems? If so, lets talk.

Your Role and Responsibilities We are looking for a Lead Security Developer highly interested in security and compliance activities of Linux on Z systems.
Your main duties will include following Security Privacy by Design concepts and making sure that the principles are followed during the lifecycle of the offering. Work on different compliance activities such as NIST, FIPS, Quantum Safe , HIPAA, FedRAMP, SOC2 etc. You will also work closely with the customers to ensure the software meets their security and compliance standard.

Step in and be part of IBM System Development Lab community, outstanding for its innovation and team spirit, offering one of the broadest project portfolios of hardware and software technologies within the IBM Corporation.

Engineers in our team work inside a highly agile development environment and are responsible for the full software development life cycle – ranging from designing and implementing of the new product features, maintaining industry-leading security and compliance assurance over to continuous product delivery as well as supporting our global customers. You should be thrilled by emerging technologies with our software products for future Mainframe and Cloud-based markets.

What you will do (Roles & Responsibilities) :

• The IBM Z Hyper Protect Servers team is seeking an experienced Lead Security Developer
• As a Security Lead, you will be part of a highly focused, self-managed team that designs, develops and tests secure solutions created for Z Systems workloads and applications.
• Responsible for all aspects of security and compliance activities.
• Provide feedback to architects regarding any issues that can cause any security and compliance Gaps.
• Manage projects with various priority levels and timelines from start to finish.
• Demonstrate best practices in all aspects of administration.
• Leverage various security tools to secure the offerings and make sure offering is adhered to the best security and compliance principles.
• Continuously stay abreast of new security and compliance guidelines to ensure more secure offering.
• Must collaborate with other departments to resolve complex issues and be detail oriented.
• Ability to automate security and compliance solutions to repetitive problems/tasks.

Required Technical and Professional Expertise

• Upto 15 Years of working experience with Security and Compliance activities
  Programming Skills:
  • Python
  • Shell Scripting
  Other Skills:
• In depth Knowledge of end to end Security and Complinace activities such as Threat Models, Security Privacy by Design.
• Knowledge of Security scanning tools such as Nessus scanner, SonarQube, NMap.
• In depth Security concepts (Includes deep understanding of identity mgmt/authentication, authorization, firewall, auditing, secure communication, managing certificates, password management)
• Excellent presentation and soft skills
  Security Domain Expertize:
• Understand of cryptographic key management and it’s lifecycle and also security architecture.
• In depth knowledge of Hardware Security Modules, PKCS #11 APIs, Trusted
• Execution Environments, Quantum Safe Algorithms
• Strong English communication skills both written and verbal

Preferred Technical and Professional Expertise

• General understanding of private /public / hybrid cloud concepts
• In depth understanding of HW servers and server components
• General understanding of open source projects; experience with open source community contribution can be an added advantage
• Indepth Security concepts and hands on experience on Certificate management/authentication, authorization, firewall, auditing, secure communication, password management