Security Services Specialist
Multiple Cities
IBM
For more than a century, IBM has been a global technology innovator, leading advances in AI, automation and hybrid cloud solutions that help businesses grow.
Introduction
At IBM, work is more than a job – it’s a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you’ve never thought possible. Are you ready to lead in this new era of technology and solve some of the world’s most challenging problems? If so, lets talk.
Your Role and Responsibilities
A Security Services Specialist is responsible for evaluating vendors’ cybersecurity practices to identify risks, ensure compliance with standards, review security documentation, and recommend mitigations. They collaborate with stakeholders, monitor third-party activities, and report on risk status.
Required Technical and Professional Expertise
1. Software Development Lifecycle (SDLC) Knowledge
– Familiarity with how software is designed, developed, tested, deployed, and maintained.
2. Regulatory and Compliance Knowledge
– NIST Cybersecurity Framework (CSF)
– Executive Order 14028 (Improving the Nation’s Cybersecurity)
– SPDX or CycloneDX for SBOM formats
3. Risk Management
– Ability to identify and assess risks associated with software components, including vulnerabilities in
third-party libraries.
– Third party cyber risk assessments
4. Communication and Collaboration
– Skills in collaborating with developers, third parties and stakeholders to ensure compliance and
resolve issues.
Technical Expertise:
1. Software Composition Analysis (SCA) Tools
2. Programming and Scripting Languages
– Knowledge of languages like Python, Java, JavaScript, or C++ to trace dependencies and identify
vulnerabilities.
3. Dependency and Package Management
– Experience with package managers (e.g., npm, Maven, Pip, Gradle) and dependency trees.
4. Vulnerability Databases
– Familiarity with CVE (Common Vulnerabilities and Exposures), NVD (National Vulnerability
Database), or OSV (Open Source Vulnerabilities).
5. SBOM Standards and Tools
– SPDX (Software Package Data Exchange)
– CycloneDX
– Experience with tools that generate or analyze SBOMs (Dependency Track)
6. Open Source Software (OSS) Licensing
– Ability to analyze licensing terms and identify compliance issues in OSS components.
7. Security Frameworks
– Knowledge of security best practices (e.g., OWASP Top 10, secure coding standards).
Preferred Technical and Professional Expertise
Cloud and Container Security
– Familiarity with cloud-native and containerized environments (e.g., Docker, Kubernetes).
Database and Data Analysis
– Capability to query and analyze data from SBOM reports or vulnerability scans.
Continuous Integration/Continuous Deployment (CI/CD)
– Understanding of CI/CD pipelines and how SBOMs integrate into DevSecOps workflows
Key Job Details
Role:Security Services Specialist Location: Multiple Locations See All Austin Armonk Durham Category:Infrastructure & Technology Employment Type:Full-Time Travel Required:No Travel Contract Type:Regular Company:(0147) International Business Machines Corporation Req ID:742033BR
At IBM, work is more than a job – it’s a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you’ve never thought possible. Are you ready to lead in this new era of technology and solve some of the world’s most challenging problems? If so, lets talk.
Your Role and Responsibilities
A Security Services Specialist is responsible for evaluating vendors’ cybersecurity practices to identify risks, ensure compliance with standards, review security documentation, and recommend mitigations. They collaborate with stakeholders, monitor third-party activities, and report on risk status.
Required Technical and Professional Expertise
1. Software Development Lifecycle (SDLC) Knowledge
– Familiarity with how software is designed, developed, tested, deployed, and maintained.
2. Regulatory and Compliance Knowledge
– NIST Cybersecurity Framework (CSF)
– Executive Order 14028 (Improving the Nation’s Cybersecurity)
– SPDX or CycloneDX for SBOM formats
3. Risk Management
– Ability to identify and assess risks associated with software components, including vulnerabilities in
third-party libraries.
– Third party cyber risk assessments
4. Communication and Collaboration
– Skills in collaborating with developers, third parties and stakeholders to ensure compliance and
resolve issues.
Technical Expertise:
1. Software Composition Analysis (SCA) Tools
2. Programming and Scripting Languages
– Knowledge of languages like Python, Java, JavaScript, or C++ to trace dependencies and identify
vulnerabilities.
3. Dependency and Package Management
– Experience with package managers (e.g., npm, Maven, Pip, Gradle) and dependency trees.
4. Vulnerability Databases
– Familiarity with CVE (Common Vulnerabilities and Exposures), NVD (National Vulnerability
Database), or OSV (Open Source Vulnerabilities).
5. SBOM Standards and Tools
– SPDX (Software Package Data Exchange)
– CycloneDX
– Experience with tools that generate or analyze SBOMs (Dependency Track)
6. Open Source Software (OSS) Licensing
– Ability to analyze licensing terms and identify compliance issues in OSS components.
7. Security Frameworks
– Knowledge of security best practices (e.g., OWASP Top 10, secure coding standards).
Preferred Technical and Professional Expertise
Cloud and Container Security
– Familiarity with cloud-native and containerized environments (e.g., Docker, Kubernetes).
Database and Data Analysis
– Capability to query and analyze data from SBOM reports or vulnerability scans.
Continuous Integration/Continuous Deployment (CI/CD)
– Understanding of CI/CD pipelines and how SBOMs integrate into DevSecOps workflows
Key Job Details
Role:Security Services Specialist Location: Multiple Locations See All Austin Armonk Durham Category:Infrastructure & Technology Employment Type:Full-Time Travel Required:No Travel Contract Type:Regular Company:(0147) International Business Machines Corporation Req ID:742033BR
Projected Minimum Salary:$117,300 per year Projected Maximum Salary:$117,300-$138,000/year per year Date Posted:December 2, 2024
Job stats:
0
0
0
Tags: C CI/CD Cloud Compliance DevSecOps Docker Java JavaScript Kubernetes Maven NIST Open Source OWASP Python Risk assessment Risk management SBOM Scripting SDLC Vulnerabilities Vulnerability scans
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.
Senior Security Analyst jobsInformation System Security Officer jobsSenior Cloud Security Engineer jobsInformation Security Manager jobsSenior Network Security Engineer jobsInformation Security Specialist jobsSenior Cybersecurity Engineer jobsSecurity Consultant jobsSenior Penetration Tester jobsIT Security Engineer jobsSecurity Specialist jobsSenior Information Security Analyst jobsSenior Cyber Security Engineer jobsCyber Security Specialist jobsChief Information Security Officer jobsStaff Security Engineer jobsIT Security Analyst jobsInformation System Security Officer (ISSO) jobsPrincipal Security Engineer jobsCloud Security Architect jobsCyber Security Architect jobsSystems Engineer jobsSecurity Operations Analyst jobsSenior Product Security Engineer jobsSenior Information Security Engineer jobs
CI/CD jobsSaaS jobsMalware jobsForensics jobsEncryption jobsEDR jobsIDS jobsSplunk jobsTop Secret jobsIPS jobsRMF jobsSDLC jobsSQL jobsIntrusion detection jobsBash jobsCompTIA jobsThreat detection jobsDoDD 8570 jobsOWASP jobsITIL jobsFinance jobsDocker jobsActive Directory jobsTCP/IP jobsCRISC jobs
IT infrastructure jobsGIAC jobsVPN jobsHIPAA jobsUNIX jobsBanking jobsTerraform jobsClearance Required jobsSANS jobsJavaScript jobsDNS jobsPolygraph jobsSOX jobsCISO jobsOSCP jobsAnsible jobsCCSP jobsMITRE ATT&CK jobsSOC 2 jobsJira jobsGCIH jobsData Analytics jobsCryptography jobsCyber defense jobsSOAR jobs