Security Manager Software

Job description

**Introduction**
Responsibilities:
* Lead, mentor, and grow a global team of security engineers and specialists.
* Review and assess IBM Network Automation, services, and applications as per defined by the IBM’s Security and Privacy by Design (SPbD) framework.
* Identify security design gaps in existing and proposed architectures and recommend changes or enhancements.
* Lead the efforts to streamline the security processes and tooling through the active participation in Design Thinking sessions for process and tooling changes and enhancements.
* Engage, collaborate, and build trusted relationships with product managers, developers, and security engineers.
* Develop guidance and enablement material to produce secure software, services and applications that align with IBM's commitments to customers and IBM's IT Security Standards
* Align company standards, frameworks and security with overall business and technology strategy.
* Identify and communicate current and emerging security threats.
* Assess risk and develop mitigation and remediation plans for security findings in services and applications.

Business Awareness:
* You have an understanding about the business that you are trying to secure.

For example, working knowledge of cloud technologies, the ability to describe what the security concerns and impact might be for an organization looking to move from on- premises compute to public cloud.
* Distributed Systems / Software Design: understand the compromises that teams make every day in order to make things work.

Security Engineers should have strong opinions about the right way to build.
* Threats, Risks, and Modelling: know the difference between a threat and risk.

The ability to understand what organizations need to protect, who they need to protect it from, and how that protection should work.
* Vulnerabilities and Exploitation: the ability to discern between a weakness, flaw, or error found within a system, software, host, etc.

which have the potential to be leveraged by an attacker in order to compromise a network, application, an infrastructure, etc.
* Collaboration: being personable, approachable, and empathetic are extremely valuable qualities in a Security Manager.

The Security Manager role requires a lot of cooperation and engagement within the organization that they support.
* Experience with Incident Response / Operations or addressing breaches, incidents.
* Experience with forensic analysis - strong critical thinking and analytical skills.
* Understanding of current software (on-premises) and cloud technologies and Software-as-a-Service (SaaS) concepts
**Your role and responsibilities**
The IBM Network Automation team is looking for a Security Manager, one who can take on a leadership role in responding to security issues across a large product portfolio, and its many products and services.

The right candidate must thrive in high-pressure situations, think like both an attacker and defender, to drive engineering, development, and business teams to take the right actions in the right timeframes to mitigate risks.

We are looking for an individual who can balance technical risks against business risks and consistently drive for the right results.

Has a passion for developing solutions to complex security challenges, recognize and fill gaps from a defence-in-depth perspective.
**Required technical and professional expertise**
* Education: Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience).
* Experience: extensive in software application security, with at least few years in a leadership or management role within a SaaS or cloud-native enterprise environment.
* Proven expertise in cloud and application security, including AWS, Azure, or GCP.
* Deep understanding of SaaS architectures, including microservices, multi-tenancy, containerization (Docker/Kubernetes), and API security.
* Strong background in DevSecOps practices and security automation using CI/CD tools (Jenkins, GitHub Actions, GitLab CI, Azure DevOps, etc.).

* Hands-on experience with security technologies such as:
* SAST/DAST
* Container & Kubernetes security (e.g., Aqua, Twistlock)

* Excellent understanding of OWASP Top 10, NIST CSF, and MITRE ATT&CK frameworks.
* Strong ability to manage complex projects, cross-functional teams, and stakeholder expectations.
**Preferred technical and professional experience**
* Master’s degree in Cybersecurity, Information Systems, or related discipline.
* Professional certifications such as CISSP, CSSLP, CISM, CCSP, or OSCP.
* Experience managing security for enterprise-grade SaaS applications handling sensitive or regulated data (e.g., healthcare, finance, government).
* Working knowledge of Zero Trust, API security frameworks, and identity management (OIDC, SAML, OAuth 2.0).
* Demonstrated experience designing or implementing cloud-native security architectures
* Proven success influencing security practices across distributed or global engineering organizations.
IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics.

IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.

Required Skill Profession

Other General