Cyber Security Consultant - Application and Data Security Expert

London, 3 days ago, Full-time, External
Negotiable
Introduction

Join IBM CIC, where we deliver top-notch technical and industry expertise to a diverse array of clients in both the public and private sectors in the UK. A career here allows you to work alongside leading professionals and contribute to the hybrid cloud and AI journeys of some of the world’s most innovative companies. At IBM CIC, we foster a culture predicated on curiosity and continual learning. You'll receive the support and resources needed to enhance your skills and stay current in a rapidly evolving market. Collaborate with diverse teams to provide creative, impactful solutions that resonate across a wide client network at various locations, including our CIC or IBM sites. We prioritize long-term career development and are committed to nurturing your unique talents and experiences.

We Offer

• Extensive training opportunities ranging from classroom to online learning, mentorship, and coaching programs, plus access to industry-recognized certifications.
• Frequent promotion opportunities to help you advance your career within the organization.
• Regular feedback and progress checkpoints throughout the year.
• A strong commitment to Diversity & Inclusion as an integral part of our culture through policies, processes, and employee support networks.
• A workplace environment where your innovative ideas for growth are always valued.
• Employee recognition programs that foster appreciation among peers and from managers.
• Supportive work-life balance tools, including flexible working options, sabbaticals, and leave policies for parental responsibilities.
• Traditional benefits including 25 days of vacation, private medical and dental coverage, online shopping discounts, an Employee Assistance Program, life assurance, and a group personal pension plan with an additional 5% employer contribution.

Your Role And Responsibilities

As a Cyber Security Consultant with a focus on Data and Application Security, you will assist clients in securing their applications and sensitive data throughout their development and data lifecycle. Your role will involve guiding organizations through application security challenges while incorporating security practices such as Threat Modelling, Secure SDLC, and DevSecOps. With your expertise in vulnerability management, data protection, and compliance, you will create effective security measures that facilitate application modernization in multicloud environments.

Key Responsibilities

• Provide expert advisory services on application security across all phases of the Software Development Lifecycle.
• Lead initiatives like Threat Modelling, integrating Secure SDLC, DevSecOps practices, and specific application security testing.
• Establish security guardrails to support secure application modernization strategies on multicloud platforms.
• Manage application vulnerability assessments by analyzing high-risk vulnerabilities and formulating comprehensive mitigation strategies.
• Employ data protection techniques, including encryption, masking, and anonymization to protect sensitive information.
• Define and enforce data classification and lifecycle management policies for comprehensive data handling security.
• Guide clients on regulatory obligations such as GDPR, HIPAA, and CCPA, ensuring alignment with security programs.
• Enhance database security via access management, audit controls, and patch management processes.
• Utilize SIEM platforms for real-time monitoring and analysis of data and application security events.
• Collaborate with development and infrastructure teams to seamlessly integrate security into business processes and IT solutions.

Preferred Education

Bachelor's Degree

Required Technical And Professional Expertise

• Significant experience in application security domains, encompassing Threat Modelling, Secure SDLC, and DevSecOps.
• Proficient knowledge in data protection methods including encryption, masking, and anonymization techniques.
• Hands-on experience with Data Loss Prevention (DLP) tools and methodologies.
• Strong understanding of database security controls such as access management, auditing, and patch management.
• Familiarity with SIEM platform operations for data and application security event monitoring.
• Solid grasp of data classification principles and lifecycle management practices.
• Awareness of privacy frameworks including GDPR, HIPAA, and CCPA, alongside the ability to synchronize security programs for compliance.
• In-depth knowledge of security frameworks like NIST, ISO 27001, and CIS Critical Security Controls.

As an equal opportunities employer, we encourage applications from candidates of all backgrounds. To be eligible for this role, you must have the right to work in the UK and have resided here for the last 2 years without interruption. Applicants should be capable of obtaining or holding a UK government security clearance.

Preferred Technical And Professional Experience

• Experience in implementing security guardrails for application modernization projects in hybrid and multicloud environments.
• Proficiency with automation tools and pipelines supporting DevSecOps practices.
• Possession of certifications such as CSSLP, CISSP, CISM, CCSP, or equivalent.
• Extensive consulting experience, with the ability to translate complex security challenges into actionable insights for development and business stakeholders.
• Proven experience designing and managing comprehensive enterprise data governance frameworks.