Application Security Consultant
IBM
**Introduction**
As an Application Security Consultant, the candidate will be a key advisor for IBM’s clients, analysing business requirements to design and implement the best security solutions for their needs. They need to apply their technical skills to find the balance between enabling and securing the client’s organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.
**Your role and responsibilities**
· Help integrate a DevSecOps strategy and security toolchain as part of a Secure SDLC.
· Guidance on securing application migrations between on-prem and cloud.
· Administration and maintenance of the DevSecOps toolchain.
· With the support of automation and DevSecOps, mandate security scanning of code changes and container images through CI/CD pipelines on every release, and support development teams in remediating security assessment findings.
· Threat modelling for significant changes to applications to ensure a Secure by Design approach is followed.
· Support periodic compliance activities and application risk assessments.
· Creating awareness and advocating security best practices in the context of application technology.
· Remediation support and guidance to developers on fixing the issues.
**Required technical and professional expertise**
* Minimum 2+ years of experience in Application Security roles.
* Proficient in secure coding best practices and OWASP Top 10 vulnerabilities
* Experience in: SAST, DAST, SCA, Container Security scanning, IaC security scanning, Secret scanning, Vulnerability Management and CI/CD Pipelines.
* Must be adept in "Secure By Design" Principles
* Experience in security requirements analysis for applications
* Experience in security requirement implementation recommendations & guidance
* Prior experience in Threat Modelling, Application Security Test planning & coordination
* Experience in Application risk mitigation planning, Vulnerabilities remediation recommendation & guidance, Compliance & Metrics reporting
* Validated knowledge of Threat Risk Assessment, Application Risk classification, Security Architecture gap assessment, Manual Penetration Testing and secure SDLC process definition and tooling
* Exposure to DevSecOps - Security integration in CI/CD pipeline - design, implementation
* Demonstrated ability with On-prem / Cloud migration controls review and implementation
**Preferred technical and professional experience**
· Practical experience in DevOps environments
· Experience in software development methodologies
· Experience with Penetration testing
IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.