Senior IT Risk Analyst (Cyber Security) - DevSecOps
Bucharest (Municipiul Bucureşti)
Job description
Introduction
Information and Data are some of the most important organizational assets in today’s businesses. As a Security Consultant, you will be a key advisor for IBM’s clients, analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client's organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.
Your Role and Responsibilities
In this DevSecOps role at IBM, you will work with a team of IT Risk Analysts to ensure the security and quality of our applications throughout the software development cycle. You will act as a Security Champion, working with other IT teams to review security reports from tools such as Nexus IQ and Fortify, explaining to developers what needs to be done to correct vulnerabilities, planning and organising penetration testing with application owners and our pentesters (ISPL), and following up on the closing of vulnerabilities found.
· Review security reports from tools such as Nexus IQ and Fortify, and identify the most critical and relevant vulnerabilities for each application.
· Plan and organise penetration testing with application owners and ISPL, and ensure that the testing scope, methodology, and timeline are aligned with the risk assessment and the security policy.
· Follow up on the closing of vulnerabilities found in pentests, and verify that the remediation actions are effective and compliant with the security standards.
· Monitor and report on the security status and performance of the applications, and provide recommendations for improvement.
· Explain to developers the nature and impact of the vulnerabilities, and provide guidance and support on how to fix them.
Required Technical and Professional Expertise
· At least 3 years of experience in IT risk management, application security, or DevSecOps
· Knowledge of security tools such as Nexus IQ, Fortify, and penetration testing tools
· Certifications such as CISSP, CISM, or CEH are a great plus
· Advanced English language level
Preferred Technical and Professional Expertise
-