Application Security Consultant
As a seasoned Security Consultant specializing in Application Security, you will help client IT and business executives comprehend application security issues, risks, exposures, and vulnerabilities. Leveraging your expertise, you will provide consulting services to analyze and resolve security incidents, ultimately enhancing the client’s overall security posture.
Responsibilities
- Define Security Strategies: Develop business drivers and associated application and DevSecOps security strategies, programs, incident response plans, and remediation recommendations and roadmaps by applying security principles and knowledge of application security technologies, threat models, and DevSecOps concepts and best practices.
- Analyze Security Incidents: Provide consulting services to analyze and resolve security incidents, working closely with clients to identify root causes and implement effective solutions.
- Conduct Assessments: Utilize interviews, workshops, and assessments to identify application security issues, risks, exposures, and vulnerabilities, providing clients with a comprehensive understanding of their security landscape.
- Develop Recommendations: Create actionable recommendations and roadmaps to help clients achieve a superior security posture, aligning with their business objectives and priorities.
Required Education
Bachelor’s Degree
Preferred Education
Bachelor’s Degree
Required Technical and Professional Expertise
- Deep Expertise in Application Security: Proven experience in analyzing and resolving security incidents, with a strong understanding of application security technologies, threat models, and DevSecOps concepts and best practices.
- Experience with Security Strategy Development: A track record of developing business-driven application and DevSecOps security strategies, programs, incident response plans, and remediation recommendations and roadmaps.
- Proficiency in Threat Modeling: Skilled in identifying and assessing potential security threats, with expertise in creating threat models and implementing effective mitigation strategies.
- Strong Understanding of DevSecOps Concepts: Experienced in applying DevSecOps principles and practices to improve the security posture of applications and systems.
- Experience with Security Assessments: Adept at conducting comprehensive security assessments using various methods, including interviews, workshops, and technical evaluations.
Preferred Technical and Professional Experience
- Advanced Threat Modeling: Experience with threat modeling methodologies, including the ability to identify and assess potential security threats, create threat models, and implement effective mitigation strategies.
- Cloud Security Knowledge: Familiarity with cloud-based security technologies and platforms, including their integration with DevSecOps practices.
- Compliance and Regulatory: Understanding of compliance and regulatory requirements related to application security, including industry-specific standards and best practices.
Equal Employment Opportunity Statement
IBM is proud to be an equal‑opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, genetics, pregnancy, disability, neurodivergence, age, or other characteristics protected by the applicable law. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
