Introduction

At IBM, work is more than a job - it’s a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you’ve never thought possible. Are you ready to lead in this new era of technology and solve some of the world’s most challenging problems? If so, let’s talk.

Your Role and Responsibilities

A Security Services Specialist is responsible for evaluating vendors' cybersecurity practices to identify risks, ensure compliance with standards, review security documentation, and recommend mitigations. They collaborate with stakeholders, monitor third-party activities, and report on risk status.

Required Technical and Professional Expertise
1. Software Development Lifecycle (SDLC) Knowledge
   - Familiarity with how software is designed, developed, tested, deployed, and maintained.
2. Regulatory and Compliance Knowledge
   - NIST Cybersecurity Framework (CSF)
   - Executive Order 14028 (Improving the Nation’s Cybersecurity)
   - SPDX or CycloneDX for SBOM formats
3. Risk Management
   - Ability to identify and assess risks associated with software components, including vulnerabilities in third-party libraries.
   - Third party cyber risk assessments
4. Communication and Collaboration
   - Skills in collaborating with developers, third parties and stakeholders to ensure compliance and resolve issues.

Technical Expertise:

1. Software Composition Analysis (SCA) Tools
2. Programming and Scripting Languages
   - Knowledge of languages like Python, Java, JavaScript, or C++ to trace dependencies and identify vulnerabilities.
3. Dependency and Package Management
   - Experience with package managers (e.g., npm, Maven, Pip, Gradle) and dependency trees.
4. Vulnerability Databases
   - Familiarity with CVE (Common Vulnerabilities and Exposures), NVD (National Vulnerability Database), or OSV (Open Source Vulnerabilities).
5. SBOM Standards and Tools
   - SPDX (Software Package Data Exchange)
   - CycloneDX
   - Experience with tools that generate or analyze SBOMs (Dependency Track)
6. Open Source Software (OSS) Licensing
   - Ability to analyze licensing terms and identify compliance issues in OSS components.
7. Security Frameworks
   - Knowledge of security best practices (e.g., OWASP Top 10, secure coding standards).

Preferred Technical and Professional Expertise

Cloud and Container Security
- Familiarity with cloud-native and containerized environments (e.g., Docker, Kubernetes).

Database and Data Analysis
- Capability to query and analyze data from SBOM reports or vulnerability scans.

Continuous Integration/Continuous Deployment (CI/CD)
- Understanding of CI/CD pipelines and how SBOMs integrate into DevSecOps workflows