Security Consultant

IBM

For more than a century, IBM has been a global technology innovator, leading advances in AI, automation and hybrid cloud solutions that help businesses grow.

Introduction
In this role, you’ll work in one of our IBM Consulting Client Innovation Centers (Delivery Centers), where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world. Our delivery centers offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology.

A career in IBM Consulting is rooted by long-term relationships and close collaboration with clients across the globe.

You’ll work with visionaries across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. Your ability to accelerate impact and make meaningful change for your clients is enabled by our strategic partner ecosystem and our robust technology platforms across the IBM portfolio; including Software and Red Hat.

Curiosity and a constant quest for knowledge serve as the foundation to success in IBM Consulting. In your role, you’ll be encouraged to challenge the norm, investigate ideas outside of your role, and come up with creative solutions resulting in ground breaking impact for a wide network of clients. Our culture of evolution and empathy centers on long-term career growth and development opportunities in an environment that embraces your unique skills and experience.

Your Role and Responsibilities
As a Security Consultant, you’ll provide excellent technical guidance to customers transforming their environment to increase their cryptography assets in to a Post Quantum Computing higher level of compliance. You will provide best practices on secure foundational to cloud and on-premises development practices implementations, automated provisioning of infrastructure and applications, cloud-ready application architectures, and more. You’ll provide prescriptive guidance in ensuring customers receive the best of what we can offer and you will ensure that customers have the best experience in migrating, building, modernizing, and maintaining applications on a multi-cloud environment. As a Security Consultant, you will be a key advisor for IBM’s clients, analyzing business requirements to design and implement the best security solutions for their needs. You will have high visibility at the most senior levels of customer organizations, including frequent interaction with CIOs, CISOs, CTOs, their staff, and senior leadership.

Required Technical and Professional Expertise

1. Design, implement and transform the clients development life cycle in line with a developed maturity roadmap focused on reducing enterprise risk through Threat Modeling.
2. Design and implement solutions that meet complex requirements and consistently meet client expectations.
3. Expertise designing and building security capabilities in scripts and code; and deploying infrastructure in code, always bringing a vision on how to approach a higher level of maturity on Crypto Agility practices and methodology.
4. Design, develop, test, implement and advise the customer on various elements of a technical solution.
5. Engage in business development and proposal generation activities.
6. Understand enterprise security solutions such as WAF, IPS, Anti-DDOS, and SIEM.
7. Demonstrated understanding of drawing out customer needs and delivering practical outcomes addressing those needs.
8. Understanding architectural implications of meeting industry standards such as PCI DSS, ISO 27001, CNSA Suite 2.0 and NIST frameworks.
9. Familiarity with SCA, SAST, DAST and IAST tools.
10. Strong understanding of application security frameworks (e.g., OWASP Top 10, NIST) and ability to apply them in real-world environments.
11. Familiarity with DevSecOps practices, including how security integrates into CI/CD pipelines and secure software development lifecycles (SDLC).
12. Knowledge of programming languages (Java, Python, .NET) and a good understanding of common security vulnerabilities like SQL Injection, XSS, CSRF, etc.
13. Experience with application security tools (OpenText Fortify, Veracode, Checkmarx, Synopsys or similar solutions).
14. Help to create security architecture systems that protect against any exposures or attacks.
15. Help to prioritize vulnerabilities patches and cryptographic approaches to ensure a higher level of maturity.
16. Knowledge of cryptographic primitives and how to use crypto toolkits securely.
17. Understanding of systematic encryption, public key encryption, digital signatures and message authentication codes.
18. Knowledge of NIST standards and recommendations for classical and post-quantum algorithms.
19. Knowledge of public-key and symmetric algorithms (such as AES-256, RSA, ECDSA) and their respective risks and vulnerabilities in post-quantum scenarios.
20. Knowledge of hash-based signatures (LMS and XMSS) for software and firmware signing.
21. Ability to develop and implement a crypto-agility strategy that allows for a fast and effective transition between cryptographic algorithms as threats and technologies evolve.
22. Understanding of the basic concepts of quantum computing, such as superposition and entanglement, and the associated security challenges.
23. Experience with network security, encryption of data in transit and at rest, and protection of critical infrastructures.
24. Experience in quantum security risk assessment and mitigation planning.

**Todas as nossas vagas são elegíveis para pessoas com deficiência ou reabilitadas**

Preferred Technical and Professional Expertise
– Design implement and transform the clients development life cycle in line with a developed maturity roadmap focused on reducing enterprise risk through Threat Modeling;
– Design and implement solutions that meet complex requirements and consistently meet client expectations;
– Identify innovative approaches to improve the accuracy and efficiency of client project deliveries;
– Apply knowledge of client issues related to the integration of people, strategy;
– Conduct a holistic assessment of client’s IT security operations including cyber threat intelligence, program based in IBM’s proprietary maturity framework;
– Knowledge securing CI/CD production environments.
– Ability to implement post-quantum cryptography in cloud environments (AWS, Azure, GCP), adapting to a hybrid security configuration.
– Practical experience or theoretical knowledge in Quantum Key Distribution (QKD) and secure quantum communications.
– Familiarity with quantum programming languages such as Qiskit (IBM), Cirq (Google), or other quantum frameworks.
– Experience in international collaborative projects, especially in governmental or academic initiatives for quantum and cyber security.
– Experience in developing quantum algorithms, particularly for simulating attacks on cryptographic systems
– Background in academic publications or participation in conferences on quantum security, post-quantum cryptography, or cybersecurity.

Key Job Details
Role: Security Consultant Location: São Paulo, BR Category: Consulting Employment Type: Full-Time Travel Required: Up to 80% or 4 days a week (home on weekends – based on project requirements) Contract Type: Regular Company: (0022) IBM Brasil-Industria, Maquinas e Servicos Limitada Req ID:736877BR