Introduction
Since our founding, IBMers have been driven by a singular purpose. Making an impact on each other, our clients, and the world, we strive to Be Essential. By developing trust and personal responsibility in all relationships IBMers around the world have focused on innovation that matters to the world and have dedicated themselves to every client’s success by focusing and believing in our core values.
IBM is seeking a qualified Penetration Tester to join its collaborative and energetic Red Team. This position will reside in the IBM Public Cloud organization providing penetration testing services and performing red team assessments against IBM Public Cloud offerings. IBM Public Cloud serves hundreds of clients every day to drive their success in both the Federal and Commercial sectors.
As a Penetration Tester, you will work closely with multiple departments, including development, architecture, and compliance, to perform security testing against various system(s) and application(s). You will assist in the development and planning of remediation strategies to mitigate identified risks and vulnerabilities.
Your Role and Responsibilities
Required Technical and Professional Expertise
Preferred Technical and Professional Expertise
Since our founding, IBMers have been driven by a singular purpose. Making an impact on each other, our clients, and the world, we strive to Be Essential. By developing trust and personal responsibility in all relationships IBMers around the world have focused on innovation that matters to the world and have dedicated themselves to every client’s success by focusing and believing in our core values.
IBM is seeking a qualified Penetration Tester to join its collaborative and energetic Red Team. This position will reside in the IBM Public Cloud organization providing penetration testing services and performing red team assessments against IBM Public Cloud offerings. IBM Public Cloud serves hundreds of clients every day to drive their success in both the Federal and Commercial sectors.
As a Penetration Tester, you will work closely with multiple departments, including development, architecture, and compliance, to perform security testing against various system(s) and application(s). You will assist in the development and planning of remediation strategies to mitigate identified risks and vulnerabilities.
Your Role and Responsibilities
- Develop a deep technical understanding of IBM Public Cloud offerings and infrastructure
- Plan and perform red team exercises against various cloud offerings
- Plan and perform full stack security tests against various system(s) and application(s) independently as well as within a team
- Engage in security monitoring and visibility improvement activities across the IBM Public Cloud organization
- Thoroughly document techniques, tactics, and proof of concepts used during security testing and red team exercises
- Research and continuously improve skills in attacker tools, methods, and techniques
- Lead by example for the greater red team in professionalism, communication, and technical expertise
Required Technical and Professional Expertise
- 3+ years of demonstrating experience in planning and executing penetration tests/red team exercises against web applications, containers, APIs, network devices, databases, operating systems, and various cloud technologies
- Demonstrates strong understanding of offensive cybersecurity operations and defensive integrations, including enumeration and exploitation of various cloud-based technologies and development of secure applications.
- Demonstrates strong ability to communicate highly technical aspects to Executives and IT staffs, respectively
- Demonstrates ability by creating custom tools for penetration testing and contributing to opensource technologies
- Demonstrates strong experience with various scripting languages (Python, Ruby, Bash, etc.)
- Nice to Possess one or more of the following credentials: CEH, eJpt, OSCP, OSCE, OSWE, GWAPT, GPEN, GXPN, CRTP, Crest Penetration Certification.
- Familiarity with serverless services, containerization and other cloud technologies
- Strong familiarity with OWASP Top Ten, NIST, and MITRE ATT&CK
- 3+ years of demonstrating experience in system or application administration role(s)
Preferred Technical and Professional Expertise
- 3+ years of demonstrating experience in planning and executing penetration tests/red team exercises against web applications, containers, APIs, network devices, databases, operating systems, and various cloud technologies
- Understanding of offensive cybersecurity operations and defensive integrations, including enumeration and exploitation of various cloud-based technologies and development of secure applications.
- Expertise in developing exploits and customized attack tooling and approaches
- Demonstrated security research leading to bug bounty and CVE awards
- Deep understanding of serverless services, containerization and other cloud
- technologies
- Demonstrates strong experience with various scripting languages (Python, Ruby, Bash, etc.)
- Good to have one or more of the following credentials: CEH, eJPT, OSCP, OSCE, OSWE, GWAPT, GPEN, GXPN, CRTP, Crest Penetration Certification.
- Familiarity with serverless services, containerization and other cloud technologies
- Strong familiarity with OWASP Top Ten, NIST, and MITRE ATT&CK
- 3+ years of demonstrating experience in system or application administration role(s)
More Information
Application Details
-
Organization Details
IBM IN
Recommended Comments
There are no comments to display.
Join the conversation
You are posting as a guest. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.