Consulting Security Consultant Professional London, GB

Posted 13 hours 43 minutes ago by International Business Machines Corporation

Permanent
Not Specified
Other
London, United Kingdom
Job Description
At IBM CIC, we deliver deep technical and industry expertise to a wide range of public and private sector clients in the UK.

A career in IBM CIC means you'll have the opportunity to work with visionaries across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. Your ability to accelerate impact and make meaningful change for your clients is enabled by our strategic partner ecosystem and our robust technology platforms across the IBM portfolio.

Curiosity and a constant quest for knowledge serve as the foundation to success here. You'll be encouraged to challenge the norm, investigate ideas outside of your role, and come up with creative solutions which impact a wide network of clients, who may be at their site or one of our CIC or IBM locations. Our culture of evolution centres on long-term career growth and development opportunities in an environment that embraces your unique skills and experience.

We offer:
  • Many training opportunities from classroom to e-learning, mentoring and coaching programs and the chance to gain industry recognized certifications
  • Regular and frequent promotion opportunities to ensure you can drive and develop your career with us
  • Feedback and checkpoints throughout the year
  • Diversity & Inclusion as an essential and authentic component of our culture through our policies and process as well as our Employee Champion teams and support networks
  • A culture where your ideas for growth and innovation are always welcome
  • Internal recognition programs for peer-to-peer appreciation as well as from manager to employees
  • Tools and policies to support your work-life balance from flexible working approaches, sabbatical programs, paid paternity leave, maternity leave and an innovative maternity returners scheme
  • More traditional benefits, such as 25 days holiday (in addition to public holidays), online shopping discounts, an Employee Assistance Program, a group personal pension plan of an additional 5% of your base salary paid by us monthly to save for your future.
In this role, you'll work in one of our IBM Consulting Client Innovation Centers (Delivery Centers), where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world. Our delivery centers offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology.

Your role and responsibilities

We are seeking a Cybersecurity Architect to join our Data and Application Security team. Our Data Security services cover a wide range of areas, including
  • Cloud Access Security Brokers (CASB),
  • Data Access Governance (DAG),
  • PKI (Public Key Infrastructure) key management,
  • Q-Safe services.
On the Application Security side, we provide comprehensive coverage across white-box and gray-box testing, as well as consulting services for DevSecOps engineering.

This role will primarily focus on DevSecOps, where we need a technical expert to drive security automation, integration, and resilience across the software development lifecycle. You will work closely with development teams to integrate security practices into CI/CD pipelines, implement automated security testing, and ensure robust threat modelling and vulnerability management within cloud-native and on-premises environments.

While the core responsibility will be around DevSecOps, we are also seeking candidates with in-depth expertise in data security and encryption. Your knowledge will be essential in securing data at rest, managing key management systems, and ensuring strong governance across data access.

Key responsibilities include:
  • Leading threat modelling workshops with cross-functional teams to identify potential security risks early in the software development lifecycle and recommending effective mitigation strategies.
  • Designing and implementing security testing (SCA, SAST, DAST) as part of the DevSecOps pipeline to identify and remediate vulnerabilities at every stage of the development process.
  • Designing and implementing IaC security solutions to ensure secure provisioning, configuration, and continuous monitoring of infrastructure as code.
  • Implementing and securing cloud-native environments with CNAPP and CSPM, focusing on application security and cloud posture management.
  • Designing and deploying PKI solutions for secure key management, including key generation, key ceremonies, and certificate management. Master key ceremony experience is highly valued, specifically for secure key generation and lifecycle management, ensuring that root or master keys are securely generated, stored, distributed, and rotated, in compliance with stringent security protocols and best practices.
  • Applying DLP, CASB, and DAG technologies to ensure strong governance, data access control, and protection against data leakage.
  • Ensuring workload protection across containerized applications, microservices, and virtualized environments to maintain runtime security.
  • Implementing data-at-rest encryption and Q-Safe solutions to secure stored data and manage cryptographic keys throughout their lifecycle.
Required education

None

Preferred education

Bachelor's Degree

Required technical and professional expertise

Key areas of expertise include:
  • DevSecOps: Strong focus on integrating security into the software development lifecycle, automating security practices into CI/CD pipelines, and ensuring seamless collaboration between security and development teams.
  • Experience with automated SCA (Software Composition Analysis), SAST (Static Application Security Testing), and DAST (Dynamic Application Security Testing) to identify vulnerabilities early and throughout development.
  • Application Security: Proficiency in application security testing, including white-box and gray-box testing methodologies. Strong experience in DevSecOps engineering, securing cloud-native and on-premises applications, and managing runtime protection.
  • Infrastructure as Code (IaC) Security: Expertise in securing IaC (Infrastructure as Code) configurations, ensuring secure provisioning, configuration management, and continuous monitoring of infrastructure.
  • Cloud-Native Application Protection Platform (CNAPP): Securing cloud-native applications, microservices, containers, and Kubernetes environments by identifying and mitigating vulnerabilities and misconfigurations across the application lifecycle.
  • Cloud Security Posture Management (CSPM): Utilizing CSPM tools to ensure proper configuration and compliance with security policies across cloud environments (AWS, Azure, GCP).
  • Workload Protection: Ensuring runtime security for applications, containers, and infrastructure, focusing on protecting workloads from vulnerabilities, threats, and attacks in both cloud and on-prem environments.
  • Data Security (DLP, CASB, DAG, PKI): Knowledge of Data Loss Prevention (DLP) solutions to prevent unauthorized data access or leakage, CASB for securing cloud applications, and Data Access Governance (DAG) for managing access to sensitive data.
  • Proficiency in PKI architecture and key management, including the management of cryptographic keys, key ceremonies, and other related key management processes.
  • Data-at-Rest Encryption & Key Management: Expertise in implementing data-at-rest encryption strategies, ensuring the protection of stored data, and managing key management solutions for encryption keys throughout their lifecycle.
  • Knowledge of Q-Safe for securing sensitive data and cryptographic key management.
We are particularly interested in candidates with
  • extensive experience in PKI architecture
  • key management
  • master key ceremonies for the secure generation, storage, and handling of cryptographic keys.
Preferred technical and professional experience

The ideal candidate will have:
  • Hands-on experience with DevSecOps tools and technologies, including security scanning, code analysis, container security, and cloud security best practices.
  • Prisma Cloud: Experience with Prisma Cloud is highly preferred, as it provides comprehensive cloud-native security, including cloud security posture management (CSPM), Cloud-Native Application Protection Platform (CNAPP), and workload protection capabilities.
  • Familiarity with Prisma Cloud to secure the full application lifecycle, from code to cloud, is essential.
  • Palo Alto Networks: Experience with Palo Alto security tools, including Palo Alto Firewalls, Prisma Cloud, and Cortex XSOAR, for cloud and network security is highly desirable.
  • DLP (Data Loss Prevention): Proficiency in implementing DLP solutions to prevent the leakage of sensitive data across endpoints, networks, and cloud environments.
  • CASB (Cloud Access Security Broker): Experience with CASB solutions to control and monitor user activities across cloud services, ensuring secure cloud application usage and preventing unauthorized access or data leaks.
  • DSPM (Data Security Posture Management): Familiarity with DSPM tools to assess, monitor, and improve the security posture of data across cloud environments, ensuring compliance and minimizing risks related to sensitive data exposure.
  • Data Classification Tools: Experience with data classification tools to categorize and tag sensitive data, ensuring proper access controls and governance for data security.
  • Familiarity with CI/CD tools like Jenkins, GitLab, or GitHub Actions for integrating security practices.