Penetration Tester

Bangalore, Karnataka, IN

Full Time
IBM logo
Apply now Apply later

Posted 2 weeks ago

Software Developers at IBM are the backbone of our strategic initiatives to design, code, test, and provide industry-leading solutions that make the world run today - planes and trains take off on time, bank transactions complete in the blink of an eye and the world remains safe because of the work our software developers do.  Whether you are working on projects internally or for a client, software development is critical to the success of IBM and our clients worldwide.  At IBM, you will use the latest software development tools, techniques and approaches and work with leading minds in the industry to build solutions you can be proud of.

Your Role and Responsibilities
Who you are:

Since our founding, IBMers have been driven by a singular purpose. Making an impact on each other, our clients, and the world, we strive to Be Essential. By developing trust and personal responsibility in all relationships IBMers around the world have focused on innovation that matters to the world and have dedicated themselves to every client’s success by focusing and believing in our core values.

IBM is seeking a qualified Senior Penetration Tester to join its collaborative and energetic Red Team. This position will reside in the IBM Public Cloud organization providing penetration testing services and performing red team assessments against IBM Public Cloud offerings. IBM Public Cloud serves hundreds of clients every day to drive their success in both the Federal and Commercial sectors.

What you’ll do:

As a Senior Penetration Tester, you will work closely with multiple departments, including development, architecture, and compliance, to perform security testing against various system(s) and application(s). You will assist in the development and planning of remediation strategies to mitigate identified risks and vulnerabilities.

  • Develop a deep technical understanding of IBM Public Cloud offerings and infrastructure
  • Plan and perform red team exercises against various cloud offerings
  • Plan and perform full stack security tests against various system(s) and application(s) independently as well as within a team
  • Engage in security monitoring and visibility improvement activities across the IBM Public Cloud organization
  • Thoroughly document techniques, tactics, and proof of concepts used during security testing and red team exercises
  • Communicate with various business and technology leaders to interpret identified vulnerabilities and assist in the development and planning for risk mitigation plans
  • Research and continuously improve skills in attacker tools, methods, and techniques
  • Lead by example for the greater red team in professionalism, communication, and technical expertise


Required Technical and Professional Expertise


  • 5+ years of IT Industry
  • 3+ years of demonstrating experience in planning and executing penetration tests/red team exercises against web applications, containers, APIs, network devices, databases, operating systems, and various cloud technologies
  • Demonstrates strong understanding of offensive cybersecurity operations and defensive integrations, including enumeration and exploitation of various cloud-based technologies and development of secure applications.
  • Demonstrates ability by creating custom tools for penetration testing and contributing to opensource technologies
  • Demonstrates strong experience with various scripting languages (Python, Ruby, Bash, etc.)
  • Possess one or more of the following credentials: OSCP, OSCE, OSWE, GWAPT, GPEN, GXPN
  • Familiarity with serverless services, containerization and other cloud technologies
  • Strong familiarity with OWASP Top Ten, NIST, and MITRE ATT&CK



Preferred Technical and Professional Expertise



  • Expert level understanding of offensive cybersecurity operations and defensive integrations, including enumeration and exploitation of various cloud-based technologies and development of secure applications.
  • Expertise in developing exploits and customized attack tooling and approaches
  • Demonstrated security research leading to bug bounty and CVE awards
  • Deep understanding of serverless services, containerization and other cloud technologies
  • 3+ years of demonstrating experience in system or application administration role(s)
  • Demonstrates strong ability to communicate highly technical aspects to Executives and IT staffs, respectively.



About Business Unit
Digitization is accelerating the ongoing evolution of business, and clouds - public, private, and hybrid - enable companies to extend their existing infrastructure and integrate across systems. IBM Cloud provides the security, control, and visibility that our clients have come to expect. We are working to provide the right tools and environment to combine all of our client’s data, no matter where it resides, to respond to changing market dynamics.

Your Life @ IBM
What matters to you when you’re looking for your next career challenge?

Maybe you want to get involved in work that really changes the world? What about somewhere with incredible and diverse career and development opportunities – where you can truly discover your passion? Are you looking for a culture of openness, collaboration and trust – where everyone has a voice? What about all of these? If so, then IBM could be your next career challenge. Join us, not to do something better, but to attempt things you never thought possible.

Impact. Inclusion. Infinite Experiences. Do your best work ever.

About IBM
IBM’s greatest invention is the IBMer. We believe that progress is made through progressive thinking, progressive leadership, progressive policy and progressive action. IBMers believe that the application of intelligence, reason and science can improve business, society and the human condition. Restlessly reinventing since 1911, we are the largest technology and consulting employer in the world, with more than 380,000 IBMers serving clients in 170 countries.

Location Statement
For additional information about location requirements, please discuss with the recruiter following submission of your application.

Being You @ IBM
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.














Job tags: Architecture GPEN GXPN NIST OSCE OSCP Penetration Tester Penetration testing Python Red team Ruby Vulnerabilities