"Alerted.org

Introduction

A career in IBM Software means you'll be part of a team that transforms our customers' challenges into industry-leading solutions.

We are an infinitely curious team, always seeking new possibilities, and dedicated to creating the world's leading AI-powered, cloud-native software solutions. Our renowned legacy creates endless global opportunities for our network of IBMers. We are a team of deep product experts, ensuring exceptional client experiences, with a focus on delivery, excellence, and obsession over customer outcomes.

IBM's product and technology landscape includes Research, Software, and Infrastructure. Entering this domain positions you at the heart of IBM, where growth and innovation thrive.

This role will be located within the IBM Software business unit directly supporting the Apptio line of business within their Government Risk and Compliance team.

This is a hybrid role that will require the ability to perform as a Security Specialist while at the same time performing Security Engineer responsibilities for our security tools in support of our security program.

As a security specialist, you will be responsible for managing internal and external security assessments, completion of FedRAMP and Department of Defense (DoD) vulnerability management Continuous Monitoring activities, providing guidance to technical teams on remediation activities, and performing control testing to validate proper operation.

As a security engineer, you will be responsible for maintaining the Apptio Information Security tools at proper release levels, maintaining and updating custom developed Continuous Monitoring automation, and developing ad-hoc automation to enhance existing manual activities.

Your role and responsibilities

As a Security Specialist, you will:

* Maintain and enhance FedRAMP Continuous Monitoring automation through Python scripting.

* Deploy, manage, and upgrade AWS-based security automation, integrating Lambda, SDK, DynamoDB, and S3.

* Ensure the stability and compliance of InfoSec-managed systems, maintaining availability and adherence to security requirements.

* Develop automation solutions to streamline manual security and compliance activities.

* Collaborate with engineering and operations teams to align infrastructure with compliance mandates.

* Oversee internal and external security assessments, ensuring compliance with FedRAMP and Department of Defense (DoD) Continuous Monitoring requirements.

* Guide technical teams on vulnerability remediation and risk mitigation strategies.

* Perform control testing to validate security measures and maintain compliance.

* Maintain and update the Plan of Action and Milestones (POA&M), including findings from initial assessments and ongoing monitoring.

* Develop and manage a robust continuous monitoring program in coordination with FedRAMP ISSOs and compliance leaders.

* Deliver compliance metrics and trend analysis to executive leadership.

Required technical and professional expertise

* Technical Expertise: Advanced proficiency in AWS (Lambda, SDK, DynamoDB, S3) and Python scripting for automation.

* Security & Compliance Knowledge: 3+ years of experience in information security, vulnerability management, and continuous monitoring.

* Infrastructure & Deployment Experience: Hands-on experience with Kubernetes, Docker, Terraform, and cloud service management (preferably AWS).

* Regulatory Frameworks: Familiarity with FedRAMP, SOC 2, ISO 27001, HIPAA, PCI-DSS, GDPR, and NIST compliance requirements.

Preferred technical and professional experience

None

IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.