IBM Application Security Senior Managing Consultant in Boston, Massachusetts

Job Description

The Application Security Senior Managing Consultant will be an integral leader in IBM’s North America Security Services practice. The potential candidate will be a trusted advisor to our Fortune 500 clients and a security expert who can speak to “secure by design” concepts and secure application development methodologies, and who has the ability to communicate recommendations and program enhancements to both technical and leadership/executive audiences. The consultant will be focused on and have in-depth knowledge of Application Security, complemented by general security knowledge across domains and competencies. The successful candidate will perform application security assessments, lead code reviews, perform application security program maturity assessments, and perform process analysis, improvement, and establishment of Software Development Life Cycles (SDLC) in a customer environment. The candidate will be responsible for identifying specific and systemic security issues within applications and the application development and lifecycle maintenance process. The consultant will also be a resource for the client in establishing and expanding the base of client knowledge in the area of application security.

Core Consulting:

  • Effective communication and presentation skills

  • Ability to pin-point systemic programmatic issues and develop actionable corrective actions

  • The ability to lead teams of 3-10 and be a primary facilitator

  • Demonstrated written skills

  • Comfortable working in a project based / client serving model

  • Ability to lead and shape client expectations

  • Help drive pursuits and engage in complex deals, matching outcomes to expectations

  • Ability to work easily with diverse and dynamic teams

  • Ability to work in a matrix management model

Projects may include:

  • Performing application security program assessments and maturity scoring

  • Performing application vulnerability and security assessments

  • Performing application security risk assessments

  • Leading code reviews across a variety of programming languages

  • Performing assessments of SDLC processes

  • Performing threat modeling

  • Developing testing scripts and procedures

  • Developing and delivering application security training and outreach

  • Creating gap analysis and client improvement program recommendations

  • Other security-related projects that may be assigned according to skills

  • Delivering professionally written reports for clients

Marketing and Sales:

  • Present Application Security Service offerings and points of view to clients in sales calls and present at conferences.

  • Work with clients to define requirements and subsequently design solutions to meet client needs.

  • Lead efforts to develop solutions and proposals for potential Application Security deals and capture a minimum of $2M sales.

  • Provide demonstration of IBM credentials in the Application Security domain.

  • Help establish demonstrated client relationships in key accounts to help progress the Application Security Services portfolio and cross-sell into other security competencies.

Required Technical and Professional Expertise

  • 10+ years experience in working with consulting and systems integration methods

  • At least 5 years of experience working on projects related to Application Security

  • At least 5 years of experience in IT and / or software development

  • Experience in application code review methods and standards

  • Experience in application development and coding

  • Experience in OWASP Top 10 vulnerabilities, tools and methodologies

  • Experience in and an understanding of the HTTP protocol and web programming

  • Experience in common application security requirements

  • Experience in standard Software Development Life Cycle (SDLC) practices

  • Experience working across diverse teams to facilitate solutions

  • Self-motivated individual with the ability to work in a high-achieving team environment as well as independently

  • Willingness to travel 75% annually within North America

Preferred Tech and Prof Experience

  • Big 4 / Top Tier Management Consulting experience

  • Experience with web application development

  • Familiarity with vulnerability scanning tools (e.g., Qualys, Nessus, Nexpose, Saint)

  • Familiarity with web application vulnerability scanning tools (e.g., IBM AppScan, HP WebInspect, Acunetix, NTOSpider, Burp Suite Pro)

  • Familiarity with static analysis tools (e.g., IBM AppScan Source, HP Fortify)

  • Familiarity with interactive and automated penetration testing

  • Experience working with security consulting teams

  • Certified in CISSP, CEH, and/or CSSLP

  • Application security experience with major programming languages (e.g., Java, C, C++, .NET (C#, VB))

  • Experience leading software development projects

  • Experience with threat modeling and security risk assessments

  • MBA or Master’s Degree in a related field

EO Statement

IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.