Global Security - Penetration Testing Consultant - X-Force Red at IBM

Introduction

A career in IBM Consulting is built on long-term client relationships and close collaboration worldwide. You’ll work with leading companies across industries, helping them shape their hybrid cloud and AI journeys. With support from our strategic partners, robust IBM technology, and Red Hat, you’ll have the tools to drive meaningful change and accelerate client impact. At IBM Consulting, curiosity fuels success. You’ll be encouraged to challenge the norm, explore new ideas, and create innovative solutions that deliver real results. Our culture of growth and empathy focuses on your long-term career development while valuing your unique skills and experiences.

Your role and responsibilities

Passionate about breaking into applications, networks, systems, databases, devices and other technologies to uncover security vulnerabilities and help fix them? Are you interested in joining a team of like-minded passionate experts, many of whom have decades of experience breaking into anything and everything to help organizations strengthen their security? If so, X-Force Red, IBM Security’s team of veteran hackers, is looking for a Global Application Security Consultant, and you may be the perfect fit.

The Global Security Consultant will be part of the X-Force Red Offensive Security team. The consultant’s primary duty is to perform penetration tests against clients’ applications including web, mobile and thick-client.

Engagements typically range from two to four weeks. Secondary duties include assisting in the sales process with potential or existing clients, and acting as a client’s primary technical contact for projects delivered by other consultants. X-Force Red consultants provide subject matter expertise in the form of research, tooling, and consulting engagements.

You should have in-depth of knowledge and experience in testing modern enterprise applications across a variety of frameworks and platforms. Identifying vulnerabilities in these applications and exploiting them to gain access to sensitive data or systems.

The consultant must be able to rapidly learn new technologies and processes with minimal assistance. There is a potential for 25% travel, including international travel. Travel depends on project requirements.

Current active clearance level or ability to obtain one is beneficial.

Required technical and professional expertise

Technical / Professional Experience:

· 5+ years of penetration testing experience

· 5+ years of consulting experience

· 5+ years of system administration, network administration, or programming experience

· Ability to perform penetration tests against web applications plus at least one of the following: internal networks, wireless networks, mobile applications, thick-client applications, embedded applications, hardware

· Programming experience in one or more of the following: Java, .Net, Python, or Ruby

· Strong understanding of networks, firewalls, protocols, routing, and security technologies

· History of presenting at regional or major security conferences

· History of published research, blog posts, or other publications

· Experience coordinating security testing projects with multiple consultants

Consulting Qualifications:

· Effective communication and presentation skills

· The ability to lead large groups and be a primary facilitator

· Demonstrated written skills

· Drive to do research, publications, blogs, presentations, etc.

· Comfortable working in a project based / client serving model

· Ability to lead and shape client expectations

· Help drive pursuits and engage in complex deals, matching outcomes to expectations

· Ability to work easily with diverse and dynamic teams

· Ability to self-start, and work independently on projects

Preferred technical and professional experience

· Experience testing GenAI applications and LLM models

· Experience with testing SaaS platforms and applications - SAP, Salesforce, Oracle

· Burp Suite Certified Practitioner, OSCP, or other technical certifications

· Experience in reverse engineering software or hardware

IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.