What are the responsibilities and job description for the Associate Penetration Testing Consultant - X-Force Red position at IBM?
Introduction
Are you passionate about breaking into applications, networks, systems, databases, devices and other technologies to uncover security vulnerabilities and help fix them? Are you interested in joining a team of like-minded passionate experts, many of whom have decades of experience breaking into anything and everything to help organizations strengthen their security? If so, X-Force Red, IBM Consulting’s team of veteran hackers, is looking for a Penetration Testing Consultant, and you may be the perfect fit.
In this role, you will join IBM Consulting via our world-class Associate Program for university hires. As an Associate Consultant at IBM Consulting, you will have the opportunity to work with a diverse range of clients worldwide. Our clients' technical and business needs are constantly evolving. We're hiring inspired, talented individuals who believe no problem is too big to solve.
We focus on your professional development through ongoing learning, mentorship, development of technical skills, and continuous personal growth, all grounded in a culture of coaching and career advancement. If you see yourself as someone who never stops learning and who wants to unleash your potential, the IBM Consulting Associates Program is for you.
A career in IBM Consulting is rooted in long-term relationships and close collaboration with clients across the globe.
You'll work with visionaries across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. Your ability to accelerate impact and make meaningful change for your clients is enabled by our strategic partner ecosystem and our robust technology platforms across the IBM portfolio, including Software and Red Hat.
Curiosity and a constant quest for knowledge serve as the foundation for success in IBM Consulting. In your role, you'll be encouraged to challenge the norm, investigate ideas outside of your role, and come up with creative solutions that result in ground-breaking impact for a wide network of clients. Our culture of evolution and empathy centers on long-term career growth and development opportunities in an environment that embraces your unique skills and experience.
Your role and responsibilities
An Associate Penetration Testing Consultant will be part of the X-Force Red Offensive Security team. The consultant’s primary duty is to perform penetration tests against clients’ application and network assets. Engagements typically range from two to four weeks. Secondary duties include assisting in the sales process with potential or existing clients and acting as a client’s primary technical contact for projects delivered by other consultants. X-Force Red consultants provide subject matter expertise in the form of research, tooling, and consulting engagements.
They should have in-depth of knowledge and experience understanding a client’s environment, running tests against these environments, and escalating or gaining access to system by leveraging weak controls. The consultant must be able to rapidly learn new technologies and processes with minimal assistance. There is a potential for 25% travel, including international travel. Travel depends on project requirements.
Required technical and professional expertise
Penetration testing experience
Consulting experience
System administration, network administration, or programming experience
Ability to perform penetration tests against web applications plus at least one of the following : internal networks, wireless networks, mobile applications, thick-client applications, embedded applications, hardware
Programming experience in one or more of the following : Java, .Net, Python, or Ruby
Experience presenting at regional or major security conferences
Experience publishing research, blog posts, or other publications
Experience coordinating security testing projects with multiple consultants
Experience managing one or more of the following : Firewalls, IDS / IPS, Security Incident and Event Management (SIEM)
CISSP, OSCP, or other technical certifications
Experience in reverse engineering software or hardware
Hands-on experience in security aspects of compliance standards (ISO 27001, SSAE 16, COBIT, PCI, SOX, HIPAA, GLBA, etc.)
Experience editing documents for grammar, clarity, and technical accuracy
