Introduction A career in IBM Consulting is built on long-term client relationships and close collaboration worldwide. You'll work with leading companies across industries, helping them shape their hybrid cloud and AI journeys. With support from our strategic partners, robust IBM technology, and Red Hat, you'll have the tools to drive meaningful change and accelerate client impact. At IBM Consulting, curiosity fuels success. You'll be encouraged to challenge the norm, explore new ideas, and create innovative solutions that deliver real results. Our culture of growth and empathy focuses on your long-term career development while valuing your unique skills and experiences. Your role and responsibilities As a seasoned Security Consultant specializing in Application Security, you will help client IT and business executives comprehend Application security issues, risks, exposures, and vulnerabilities. By leveraging your expertise, you will provide consulting services to analyze and resolve security incidents, ultimately enhancing the client's overall security posture. Your primary responsibilities will include: - Define Security Strategies: Develop business drivers and associated Application and DevSecOps security strategies, programs, incident response plans, and remediation recommendations and roadmaps by applying security principles and knowledge of Application Security technologies, Threat models, and DevSecOps concepts and best practices. - Analyze Security Incidents: Provide consulting services to analyze and resolve security incidents, working closely with clients to identify root causes and implement effective solutions. - Conduct Assessments: Utilize interviews, workshops, and assessments to identify Application security issues, risks, exposures, and vulnerabilities, providing clients with a comprehensive understanding of their security landscape. - Develop Recommendations: Create actionable recommendations and roadmaps to help clients achieve a superior security posture, aligning with their business objectives and priorities. Required technical and professional expertise - Deep Expertise in Application Security: Proven experience in analyzing and resolving security incidents, with a strong understanding of Application Security technologies, Threat models, and DevSecOps concepts and best practices. - Experience with Security Strategy Development: A track record of developing business-driven Application and DevSecOps security strategies, programs, incident response plans, and remediation recommendations and roadmaps. - Proficiency in Threat Modeling: Skilled in identifying and assessing potential security threats, with expertise in creating threat models and implementing effective mitigation strategies. - Strong Understanding of DevSecOps Concepts: Experienced in applying DevSecOps principles and practices to improve the security posture of applications and systems. - Experience with Security Assessments: Adept at conducting comprehensive security assessments using various methods, including interviews, workshops, and technical evaluations. Preferred technical and professional experience - Advanced Threat Modeling: Experience with threat modeling methodologies, including the ability to identify and assess potential security threats, create threat models, and implement effective mitigation strategies. - Cloud Security Knowledge: Familiarity with cloud-based security technologies and platforms, including their integration with DevSecOps practices. - Compliance and Regulatory: Understanding of compliance and regulatory requirements related to application security, including industry-specific standards and best practices. IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.