Security Services Specialist
Multiple Cities
IBM
For more than a century, IBM has been a global technology innovator, leading advances in AI, automation and hybrid cloud solutions that help businesses grow.
Introduction
At IBM, work is more than a job – it’s a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you’ve never thought possible. Are you ready to lead in this new era of technology and solve some of the world’s most challenging problems? If so, let’s talk.
Your Role and Responsibilities
A Security Services Specialist is responsible for evaluating vendors’ cybersecurity practices to identify risks, ensure compliance with standards, review security documentation, and recommend mitigations. They collaborate with stakeholders, monitor third-party activities, and report on risk status.
Required Technical and Professional Expertise
1. Software Development Lifecycle (SDLC) Knowledge
– Familiarity with how software is designed, developed, tested, deployed, and maintained.
2. Regulatory and Compliance Knowledge
– NIST Cybersecurity Framework (CSF)
– Executive Order 14028 (Improving the Nation’s Cybersecurity)
– SPDX or CycloneDX for SBOM formats
3. Risk Management
– Ability to identify and assess risks associated with software components, including vulnerabilities in third-party libraries.
– Third-party cyber risk assessments
4. Communication and Collaboration
– Skills in collaborating with developers, third parties and stakeholders to ensure compliance and resolve issues.
Technical Expertise:
1. Software Composition Analysis (SCA) Tools
2. Programming and Scripting Languages
– Knowledge of languages like Python, Java, JavaScript, or C++ to trace dependencies and identify vulnerabilities.
3. Dependency and Package Management
– Experience with package managers (e.g., npm, Maven, Pip, Gradle) and dependency trees.
4. Vulnerability Databases
– Familiarity with CVE (Common Vulnerabilities and Exposures), NVD (National Vulnerability Database), or OSV (Open Source Vulnerabilities).
5. SBOM Standards and Tools
– SPDX (Software Package Data Exchange)
– CycloneDX
– Experience with tools that generate or analyze SBOMs (Dependency Track)
6. Open Source Software (OSS) Licensing
– Ability to analyze licensing terms and identify compliance issues in OSS components.
7. Security Frameworks
– Knowledge of security best practices (e.g., OWASP Top 10, secure coding standards).
Preferred Technical and Professional Expertise
Cloud and Container Security
– Familiarity with cloud-native and containerized environments (e.g., Docker, Kubernetes).
Database and Data Analysis
– Capability to query and analyze data from SBOM reports or vulnerability scans.
Continuous Integration/Continuous Deployment (CI/CD)
– Understanding of CI/CD pipelines and how SBOMs integrate into DevSecOps workflows
Key Job Details
– Role: Security Services Specialist
– Location: Multiple Locations (Austin, Armonk, Durham)
– Category: Infrastructure & Technology
– Employment Type: Full-Time
– Travel Required: No Travel
– Contract Type: Regular
– Company: (0147) International Business Machines Corporation
– Req ID: 742033BR
– Projected Minimum Salary: $117,300 per year
– Projected Maximum Salary: $117,300-$138,000 per year
– Date Posted: December 2, 2024
Tags: C CI/CD Cloud Compliance DevSecOps Docker Java JavaScript Kubernetes Maven NIST Open Source OWASP Python Risk assessment Risk management SBOM Scripting SDLC Vulnerabilities Vulnerability scans