IBM Application Security Senior Managing Consultant in Austin, Texas
The Application Security Senior Managing Consultant will be an integral leader in IBM’s North America Security Services practice. The potential candidate will be a trusted advisor to our Fortune 500 clients and a security expert who can speak to “secure by design” concepts and secure application development methodologies, and who has the ability to communicate recommendations and program enhancements to both technical and leadership/executive audiences. The consultant will be focused on and have in-depth knowledge of Application Security, complemented by general security knowledge across domains and competencies. The successful candidate will perform application security assessments, lead code reviews, perform application security program maturity assessments, and perform process analysis, improvement, and establishment of Software Development Life Cycles (SDLC) in a customer environment. The candidate will be responsible for identifying specific and systemic security issues within applications and the application development and lifecycle maintenance process. The consultant will also be a resource for the client in establishing and expanding the base of client knowledge in the area of application security.
Effective communication and presentation skills
Ability to pinpoint systemic programmatic issues and develop actionable corrective actions
The ability to lead teams of 3-10 and be a primary facilitator
Demonstrated written skills
Comfortable working in a project based / client serving model
Ability to lead and shape client expectations
Help drive pursuits and engage in complex deals, matching outcomes to expectations
Ability to work easily with diverse and dynamic teams
Ability to work in a matrix management model
Projects may include:
Performing application security program assessments and maturity scoring
Performing application vulnerability and security assessments
Performing application security risk assessments
Leading code reviews across a variety of programming languages
Performing assessments of SDLC processes
Performing threat modeling
Developing testing scripts and procedures
Developing and delivering application security training and outreach
Creating gap analysis and client improvement program recommendations
Other security-related projects that may be assigned according to skills
Delivering professionally written reports for clients
Marketing and Sales:
Present Application Security Service offerings and points of view to clients in sales calls and present at conferences.
Work with clients to define requirements and subsequently design solutions to meet client needs.
Lead efforts to develop solutions and proposals for potential Application Security deals and capture a minimum of $2M sales.
Provide demonstration of IBM credentials in the Application Security domain.
Help establish demonstrated client relationships in key accounts to help progress the Application Security Services portfolio and cross-sell into other security competencies.
Required Technical and Professional Expertise
10+ years experience in working with consulting and systems integration methods
At least 5 years of experience working on projects related to Application Security
At least 5 years of experience in IT and / or software development
Experience in application code review methods and standards
Experience in application development and coding
Experience in OWASP Top 10 vulnerabilities, tools and methodologies
Experience in and an understanding of HTTP protocol and web programming
Experience in common application security requirements
Experience in standard Software Development Life Cycle (SDLC) practices
Experience working across diverse teams to facilitate solutions
Self-motivated individual with the ability to work in a high-achieving team environment as well as independently
Willingness to travel 75% annually within North America
Preferred Tech and Prof Experience
Big 4 / Top Tier Management Consulting experience
Experience with web application development
Familiarity with vulnerability scanning tools (e.g., Qualys, Nessus, Nexpose, Saint)
Familiarity with web application vulnerability scanning tools (e.g., IBM AppScan, HP WebInspect, Acunetix, NTO Spider, Burp Suite Pro)
Familiarity with static analysis tools (e.g., IBM AppScan Source, HP Fortify)
Familiarity with interactive and automated penetration testing
Experience working with security consulting teams
Certified in CISSP, CEH, and/or CSSLP
Application security experience with major programming languages (e.g., Java, C, C++, .NET (C#, VB))
Experience leading software development projects
Experience with threat modeling and security risk assessments
MBA or Master’s Degree in a related field
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.