IBM Cloud Object Storage DevOps Engineer

very phase of their product development life cycle and the Security and Compliance Focal is expected to ensure security is built into the design, planning, implementation, and execution of our network services.

Required Technical and Professional Expertise

• 5+ years of demonstrated experience in successful driving and execution of compliance programs for common IT security standards/regulations: SOC1/2/3, ISO27K, HIPAA, PCI, FBA (formerly FFIEC), FedRAMP, GDPR, etc.

• 5+ years of working experience with designing/building cloud software and infrastructure.

• Expert knowledge of all layers of the OSI model, most importantly the network (layer 3) and application (layer 7).

• Domain expertise in cloud software and infrastructure technologies.

• Strong knowledge and understanding in penetration testing methodologies and exploits (web applications, containers, APIs, network devices, databases, operating systems, and various cloud technologies).

• Strong knowledge and understanding of offensive cybersecurity operations and defensive integrations, including enumeration and exploitation of various cloud-based technologies and development of secure applications.

• Strong ability to communicate highly technical aspects to Executives, IT staffs, CISO team, auditors, respectively.

• Strong experience with various scripting languages (Python, Ruby, Bash, etc.).

• Familiarity with serverless services, containerization and other cloud technologies.

• Strong familiarity with OWASP Top Ten, NIST, CIS and MITRE ATT&CK

• 5+ years of demonstrating experience in system or application administration role(s).

Preferred Technical and Professional Expertise

• 7+ years of demonstrated experience in successful driving and execution of compliance programs for common IT security standards/regulations: SOC1/2/3, ISO27K, HIPAA, PCI, FBA (formerly FFIEC), FedRAMP, GDPR, etc.
• 7+ years of working experience with designing/building cloud software and infrastructure.
• Expert knowledge of all layers of the OSI model, most importantly the network (layer 3) and application (layer 7).
• Domain expertise in cloud software and infrastructure technologies.
• Expert knowledge and understanding in penetration testing methodologies and exploits (web applications, containers, APIs, network devices, databases, operating systems, and various cloud technologies).
• Expert knowledge and understanding of offensive cybersecurity operations and defensive integrations, including enumeration and exploitation of various cloud-based technologies and development of secure applications.
• Expert ability to communicate highly technical aspects to Executives, IT staffs, CISO team, auditors, respectively.
• Expert experience with various scripting languages (Python, Ruby, Bash, etc.).
• Deep understanding and implementation with serverless services, containerization and other cloud technologies.
• Domain expertise with OWASP Top Ten, NIST, CIS and MITRE ATT&CK.
• 7+ years of demonstrating experience in system or application administration role(s).