Introduction
At IBM, work is more than a job - it's a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you've never thought possible. Are you ready to lead in this new era of technology and solve some of the world's most challenging problems? If so, lets talk.
Your Role and Responsibilities
Product Transformation Centre is responsible for ensuring that IBM products are secure by conducting timely Security reviews, penetration testing and following SPbD practices. As a penetration tester you will perform security testing of IBM product and SAAS offerings in development and production environment. You will also closely work with IBM product development teams to strengthen the security posture of their products by participating in threat model, source code security testing and share best practices / lessons learnt for secure coding/design.
Key responsibilities
• Plan the penetration test
• Select, design and create appropriate tools for testing
• Perform the penetration test on computer systems, networks, web-based and mobile applications
• Document your methodologies, findings
• Gather the data intelligence not only from the output of the automated penetration tools but also from information gathered from interaction with product teams , previous results , threat model and source code scanning inputs.
• Review your findings and feedback to development teams
• Analyse the outcomes and make recommendations for security improvements
• Carry out application, network, systems and infrastructure penetration tests
• Review physical security and perform social engineering tests where appropriate
• Evaluate and select from a range of penetration testing tools
• Keep up to date with latest testing and ethical hacking methods
• Deploy the testing methodology and collect data
• Report on findings to a range of stakeholders
• Make suggestions for security improvements
Enhance existing methodology material
•
Required Technical and Professional Expertise
• Experience - 4 to 8 years in Cybersecurity
• Web Application Testing
• Basic understanding of HTTP Protocol
• HTTP Methods, Request/Response Headers, Cookies, TCP/IP connections over HTTP etc.
• Basic understanding of HTML/JavaScript
• Good Understanding of security vulnerabilities, OWASP Top 10 vulnerabilities
Automated Testing
• Must have knowledge of at least one of IBM AppScan OR BurpSuite scanner. (Good to have knowledge of both the tools.)
• Should be able to configure automated scanner (such as Login sequence, manually exploring critical flaws, Policy customization, scan throttling, etc...) to perform successful scan.
• Assessment of scanner results and intelligently identifying false positives from the scan results.
• Knowledge of Burp features mainly, Spider, Intruder, Scanner, Repeater and Extender.
Manual Testing.
• Should be able to understand the above mentioned OWASP Top 10 categories to perform manual testing.
• Flaws like, Authentication (session management) testing, CSRF, business logic testing which are not detected by an automated scanner must be identified using manual testing.
Understanding of the workflow of the application and identifying the entry points to detect possible vulnerabilities.
•
Preferred Technical and Professional Expertise
• Webservice Testing
• SOAP/REST APIs testing.
• Configuring cURL commands and POSTMAN tool to capture the request in automated scanner.
Network Testing
• Basic understanding of networking protocols such as TCP, UDP, DNS, DHCP etc.
• Basic understanding of network devices like router, switches, firewall/IDS/IPS etc..
• Network scanning tools such as Nessus, Nmap, Metasploit etc.
• Exploitation and Post Exploitation of network vulnerabilities.
• Threat Model and Source code security scanning
• Perform/Participate in threat model creation/design or review
• Perform source code security scanning using (SAST) tools like IBM AppScan, Contrast and other popular open-source tools.
Security Certifications
• Any of the security certifications such as CEH, ECSA, EWPT, EWPTX, OSCP, GPEN, GWAPT etc
About Business UnitIBM's Cloud and Cognitive software business is committed to bringing the power of IBM's Cloud and Watson/AI technologies to life for our clients and ecosystem partners around the world. IBM provides you with the most comprehensive and consistent approach to development, security and operations across hybrid environments--with complete software solutions for business and IT operations, development, data science, security, and management. Our experts and software capabilities help organizations develop applications once and deploy them anywhere, integrate security across the breadth of their IT estate, and automate operations with management visibility. With IBM, you also have access to new skills and methods, governance and management approaches, and a deep ecosystem of industry experts and partners.
This job requires you to be fully COVID-19 vaccinated prior to your start date and proof of vaccination status will be required before your start date. During the Onboarding process you will be asked to confirm your vaccination status, in case you are unable to get vaccinated for any reason, you can let us know at that stage. Please let us know if you are unable to be vaccinated due to medical or religious reasons. IBM will consider such requests on a case by case basis subject to submission of required proof by the candidate before a stipulated date.
Your Life @ IBMIn a world where technology never stands still, we understand that, dedication to our clients success, innovation that matters, and trust and personal responsibility in all our relationships, lives in what we do as IBMers as we strive to be the catalyst that makes the world work better.
Being an IBMer means you'll be able to learn and develop yourself and your career, you'll be encouraged to be courageous and experiment everyday, all whilst having continuous trust and support in an environment where everyone can thrive whatever their personal or professional background.
Our IBMers are growth minded, always staying curious, open to feedback and learning new information and skills to constantly transform themselves and our company. They are trusted to provide on-going feedback to help other IBMers grow, as well as collaborate with colleagues keeping in mind a team focused approach to include different perspectives to drive exceptional outcomes for our customers. The courage our IBMers have to make critical decisions everyday is essential to IBM becoming the catalyst for progress, always embracing challenges with resources they have to hand, a can-do attitude and always striving for an outcome focused approach within everything that they do.
Are you ready to be an IBMer?
About IBMIBM's greatest invention is the IBMer. We believe that through the application of intelligence, reason and science, we can improve business, society and the human condition, bringing the power of an open hybrid cloud and AI strategy to life for our clients and partners around the world.
Restlessly reinventing since 1911, we are not only one of the largest corporate organizations in the world, we're also one of the biggest technology and consulting employers, with many of the Fortune 50 companies relying on the IBM Cloud to run their business.
At IBM, we pride ourselves on being an early adopter of artificial intelligence, quantum computing and blockchain. Now it's time for you to join us on our journey to being a responsible technology innovator and a force for good in the world.
Location StatementWhen applying to jobs of your interest, we recommend that you do so for those that match your experience and expertise. Our recruiters advise that you apply to not more than 3 roles in a year for the best candidate experience.
For additional information about location requirements, please discuss with the recruiter following submission of your application.
Being You @ IBMIBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
MNCJobsIndia.com will not be responsible for any payment made to a third-party. All Terms of Use are applicable.