DAS Application Security Lead

At IBM CIC, we deliver deep technical and industry expertise to a wide range of public and private sector clients in the UK. A career in IBM CIC means you'll have the opportunity to work with visionaries across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. Your ability to accelerate impact and make meaningful change for your clients is enabled by our strategic partner ecosystem and our robust technology platforms across the IBM portfolio. Curiosity and a constant quest for knowledge serve as the foundation to success in IBM CIC. In your role, you'll be encouraged to challenge the norm, investigate ideas outside of your role, and come up with creative solutions which impact a wide network of clients, whom may be at their site or one of our CIC or IBM locations. Our culture of evolution centres on long-term career growth and development opportunities in an environment that embraces your unique skills and experience.

We offer:

• A multitude of training opportunities from classroom to e-learning, mentoring and coaching programs as well as the chance to gain industry recognized certifications
• Regular and frequent promotion and progression opportunities to ensure you can drive and develop your career with us
• Feedback and checkpoints throughout the year
• Diversity & Inclusion as an essential and authentic component of our culture through our policies and process as well as our Employee Champion teams and support networks
• A culture where your ideas for growth and innovation are always welcome
• Internal recognition programs for peer-to-peer appreciation as well as from manager to employees
• Tools and policies to support your work-life balance from flexible working approaches, sabbatical programs, paid paternity leave, maternity leave and an innovative maternity returners scheme
• More traditional benefits, such as 25 days holiday (in addition to public holidays), online shopping discounts, an Employee Assistance Program, a group personal pension plan of an additional 5% of your base salary paid by us monthly to save for your future.

In this role, you'll work in one of our IBM Consulting Client Innovation Centers (Delivery Centers), where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world. Our delivery centers offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology.

Your role and responsibilities:

As a Cybersecurity Architect, you will specialize in DevSecOps, integrating security into the software development lifecycle, automating security practices, and ensuring robust threat modeling and vulnerability management. Your primary focus will be on cloud-native and on-premises environments, with a strong emphasis on application security, infrastructure as code (IaC) security, and cloud security posture management. Additionally, you will contribute to data security efforts, securing data at rest, managing key management systems, and ensuring strong governance across data access.

Responsibilities:

• Integrate security into the software development lifecycle, automating security practices into CI/CD pipelines.
• Implement automated security testing (SCA, SAST, DAST) to identify and remediate vulnerabilities at every stage of development.
• Secure IaC configurations, ensuring secure provisioning, configuration management, and continuous monitoring of infrastructure.
• Utilize CNAPP and CSPM tools to secure cloud-native environments, focusing on application security and cloud posture management.
• Design and deploy PKI solutions for secure key management, including key generation, key ceremonies, and certificate management.

Required education: None

Preferred education: Bachelor's Degree

Required technical and professional expertise:

• Proven experience in DevSecOps, integrating security into the software development lifecycle.
• Strong focus on automating security practices into CI/CD pipelines and ensuring collaboration between security and development teams.
• Proficiency in application security testing methodologies (white-box, gray-box).
• Experience with cloud-native environments, container security, and IaC security.
• Deep knowledge of data protection, encryption standards, Q-Safe, and PKI systems, ensuring compliance and governance across both application and data security.

Preferred technical and professional experience:

• Experience with Prisma Cloud and Palo Alto security tools.
• Proficiency in DLP, CASB, and DAG technologies.
• Familiarity with DSPM tools, data classification tools, and CI/CD tools.
• Knowledge of SCA, SAST, and DAST tools.
• Experience with IaC security tools, container security tools, and Kubernetes security.

IBM Consulting is IBM's consulting and global professional services business, with market leading capabilities in business and technology transformation. With deep expertise in many industries, we offer strategy, experience, technology, and operations services to many of the most innovative and valuable companies in the world. Our people are focused on accelerating our clients' businesses through the power of collaboration.

IBM is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.

IBM wants you to bring your whole self to work and for you this might mean the ability to work flexibly. If you are interested in a flexible working pattern, please talk to our recruitment team to find out if this is possible in the current working environment.