Dgm Dev Sec Ops - Bengaluru, Karnataka, India - IBM

IBM
IBM
Verified Company
Bengaluru, Karnataka, India

2 weeks ago

Deepika Kaur

Posted by:

Deepika Kaur

beBee Recuiter
Description
Introduction

At IBM, work is more than a job - it's a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you've never thought possible.

Are you ready to lead in this new era of technology and solve some of the world's most challenging problems? If so, lets talk.

Your Role and Responsibilities

  • Overall 10+ years of IT security operations experience
  • 5+ years in Cloud security operations experience against any major CSP
  • Strong fundamentals on implementing and designing devsecops workflow and controls
  • Hands on experience in pen testing/VAPT in a containerized environment is an advantage
  • Preferably possess industry certifications like CCSK/CISSP/CCSP or any cloud service provider security certifications
  • Manage the cloud security infrastructure through cross technology teams and automation
  • Proactively identify and remediate security risks introduced by the cloud platforms, or as per security reviews, audits and vulnerability scanning
  • Automation of security activities and secure configuration management
  • Implement solutions necessary to address security and compliance gaps
  • Be handson in providing technical guidance to the development team throughout the full development and release lifecycle
  • Ability to dive deep into software configurations and logs to recommend securitybased improvements
  • Drive monitoring and logging standards and solutions leveraging open source products
  • Identify opportunities to leverage automation to improve security and build the tools necessary to execute improvements
  • Develop and maintain security testing plans
  • Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk
  • Produce actionable, threatbased, reports on security testing results
  • Communicate security issues to a wide variety of internal and external "customers" to include technical teams, executives, risk groups, vendors and regulators
  • Deliver the annual penetration testing schedule and conducting awareness campaigns to ensure proper budgeting by business lines for annual tests
  • Foster and maintain relationships with key stakeholders and business partners
  • Define and track key security metrics to measure the effectiveness of security controls.
  • Work with external security testing vendors to coordinate pen testing and monitoring of the cloud platforms and take remedial measures where needed
  • Collaborate with development, operations, and security teams to facilitate communication and shared responsibility.
  • Strong domain expertise and technology implementation experience in more than 4 of the following areas (Data Protection, Application Security, CI/CD Integration Security, Database Security, Network Security, SIEM).
Required Technical and Professional Expertise

  • Hands on experience with testing frameworks such as the PTES and OWASP
  • Applicable knowledge of Windows client/server, Unix/Linux systems, Mac OS X, VMware/Xen, and cloud technologies such as IBM cloud, AWS, Azure, or Google Cloud
  • Significant knowledge of security best practices for clientserver product architectures, focusing predominantly on cloudbased server development
  • Significant knowledge of multi cloud environment like AWS, GCP, Azure systems, including EC2, IAM, Cloudfare, Calico CloudWatch, CloudTrail, Config, Lambda, Security Groups, VPCs, WAF, Guard Duty, Inspector, etc.
  • Experience with cloudbased security management/IDS/IPS/SIEM tools, such as IBM Qaradar, Sysdig, Splunk, Dome9, AlienVault, AlertLogic, Fortinet, Threat Stack, IStio etc.
  • Experience extracting pertinent security data from SIEM solutions and IBM logDNA /Qradar audit, logs, and reports
  • Lifelong learner always looking to stay up to date with latest attack vectors, vulnerabilities, remediation and protection paradigms, etc.
  • Critical thinker and problem solver Excellent organizational and time management skills
Preferred Technical and Professional Expertise

  • Knowledge of Security Operations Centre implementation, PCI DSS, HIPAA is highly desirable.
  • You are a strong communicator and you value well articulated solutions by creating diagrams and well written documentations. You also understand that sometimes stakeholders and customers will look for your guidance and you re not afraid to engage them when the situation calls for it.
  • Experience in Agile methodology like daily standups, sprint planning, retrospective using tools such as Mural and Bluesight.
  • You are hands on and you are intellectually curious. You learn by doing. You are not afraid to roll up your sleeves to debug and write code
  • You love collaborative environments that use agile methodologies to encourage creative design thinking and find innovative ways to develop with cutting edge technologies
  • Ambitious individual who can work under their own directio
More jobs from IBM
See all jobs of IBM