Job Detail

International Business Machines (IBM) is the world’s leading information technology products, services and solutions company. The company’s portfolio of capabilities ranges from services to software, hardware, fundamental research, financing and the component technologies used to build larger systems. 2014 revenues were $92 billion, with over 380, 000 employees operating in more than 160 countries.

IBM is an innovation company. Both in what we do and in how we do it, we pursue continuous transformation – always remixing to higher value in our portfolio and skills, in the capabilities we deliver to our clients and in our own operations and management practices. With the advent of Cloud, Mobile, Social and Analytics, the world has experienced a massive change in the way business is conducted. For example, the world produces over 2.5 quintillion bytes of data everyday and 80% of it is unstructured. Therefore, it’s invisible to current technology. IBM Watson along with our brand new Cognitive Consulting business is a cognitive system that can understand that data, learn from it and reason through it. That’s how industries as diverse as healthcare, retail, banking and travel are using Watson to reshape their industries.

At all levels within the company, IBM is looking for external talent to continue our transformation and continue to focus our growth in these new areas.

Job Description

The successful candidate will perform application security assessments, code reviews, and Software Development Life Cycle (SDLC) security consulting in a customer environment. The candidate will be responsible for identifying specific and systemic security issues within applications and the application development and lifecycle maintenance process, and will also be a resource for the client in establishing and expanding the base of client knowledge in the area of application security.

Projects may include:

•Performing application vulnerability and security assessments

•Performing application security risk assessments

•Performing code review across a variety of programming languages

•Performing assessments of SDLC processes

•Developing testing scripts and procedures

•Developing and delivering application security training and outreach

•Creating gap analysis and client improvement program recommendations

•Other security-related projects that may be assigned according to skills



Candidates must have demonstrated experience in successfully completing tasks and delivering professionally written reports for clients. Must have the ability to present findings to technical staff and executives.



Required Technical and Professional Expertise



Experience with web application development (e.g., ASP.NET, ASP, PHP, J2EE, JSP) •Application security experience with high level programming languages (e.g., Java, C, C++, .NET (C#, VB))

•Experience leading software development projects

•Experience with threat modeling and security risk assessment

•Experience with vulnerability scanning tools (e.g., Qualys, Nessus, Nexpose, Saint)

•Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP, Webinspect, Accunetix, NTO Spider, Burpsuite Pro)

•Experience with static analysis tools (e.g., IBM Appscan Source, HP Fortify) •Familiarity with interactive and automated penetration testing



Preferred Tech and Prof Experience



Fluent German language



EO Statement

IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.