The CISO Cybersecurity Operations team is seeking a penetration tester to join our team. This highly technical role requires a solid understanding of information security, preferably with a strong computer science background. Penetration testers (pen-testers)/red teamers must understand applications, networking, and various operating systems, along with tools and frameworks. They must stay current with technology advancements while retaining knowledge of older systems and applications still in use within the enterprise.

Responsibilities include

• Continuously searching for system and application weaknesses to exploit while maintaining professionalism.
• Collaborating with team members for remediation and additional validation, and contributing to other collaborative approaches such as purple teaming to enhance skillsets for both red and blue team members.
• Utilizing hands-on expertise with various tools to simulate attacker tactics, techniques, and procedures (TTPs).
• Conducting stealthy engagements as well as visible and announced assessments for new and existing services, infrastructure, and applications to identify weaknesses before an attacker does.

Required Technical and Professional Expertise

• Minimum required certification. OSCP or equivalent (e.g., Offensive Security Web Expert (OSWE), Offensive Security Web Assessor (OSWA)).
• Minimum of 3, preferably 5, years of hands-on penetration testing experience with operating systems, web applications, and network infrastructure.
• Minimum of 3, preferably 5, years of experience using penetration testing tools such as NMap, Nessus, Metasploit, BurpSuite, Nito, and Tcpdump.
• Administrator-level knowledge of server operating systems (Unix and Windows) to test infrastructure. Proficiency in Kali Linux.
• Ability to test web technologies, including web applications, containers, and container managers.
• Sufficient technical knowledge of TCP/IP networking/routing, intranet/internet architectures, segregation technologies/VLANs, firewalls, intrusion detection, intrusion prevention, and SQL databases.
• Programming ability to create, read, and modify exploit code for system penetration. Knowledge of languages such as C, C++, Java, C#, and scripting is an asset.
• Ability to clearly present penetration testing results, including recommendations for remediation.

Preferred Technical and Professional Expertise

• Preferably a bachelor’s degree or college diploma in computer science or a related field.

About Business Unit

IBM Systems helps IT leaders rethink their infrastructure. Our servers and storage solutions understand, reason, and learn, enabling clients to innovate while avoiding IT issues. We power the world’s most important industries and work with clients to build the future. Join us to contribute to our leading-edge technology portfolio designed for cognitive business and optimized for cloud computing.

Your Life @ IBM

In a rapidly evolving technology landscape, IBM is dedicated to client success, innovation, and trust. As an IBMer, you will have opportunities to learn, develop, and advance your career. We encourage you to be courageous, experiment daily, and receive continuous support in an inclusive environment where everyone can thrive.

IBMers are growth-minded, curious, open to feedback, and eager to learn new information and skills. They collaborate with colleagues to drive exceptional outcomes for customers. The courage to make critical decisions daily is essential to IBM becoming the catalyst for progress, embracing challenges with available resources, and maintaining an outcome-focused approach.

Being You @ IBM

IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.