Security Champion
IBM
About the role
About IBM Consulting
In this role, you’ll work in one of our IBM Consulting Client Innovation Centers (Delivery Centers), where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world. Our delivery centers offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology.
A career in IBM Consulting embraces long-term relationships and close collaboration with clients across the globe.
You’ll work with visionaries across multiple industries to improve the hybrid and AI journey for the most innovative and valuable companies in the world. Your ability to accelerate impact and make meaningful change for your clients is enabled by our strategic partner ecosystem and our robust technology platforms across the IBM portfolio, including IBM Software and Red Hat.
Curiosity and a constant quest for knowledge serve as the foundation to success in IBM Consulting. In your role, you’ll be encouraged to challenge the norm, investigate ideas outside of your role, and come up with creative solutions resulting in groundbreaking impact for a wide network of clients. Our culture of evolution and empathy centers on long-term career growth and development opportunities in an environment that embraces your unique skills and experience.
Your Role And Responsibilities
We are looking for a proactive and experienced Security Champion to drive secure development practices across engineering teams. The ideal candidate will act as a bridge between security and development, ensuring that application security is embedded throughout the software development lifecycle (SDLC).
Key Responsibilities
- Act as the security advocate within development teams, promoting a security-first mindset
- Integrate security practices into all phases of the SDLC
- Perform and support:
  - Secure code reviews
  - Threat modeling exercises
  - Application vulnerability assessments
- Work closely with AppSec teams to implement:
  - SAST, DAST, SCA, and IAST tools
- Identify, triage, and remediate vulnerabilities in applications and APIs
- Provide guidance on secure coding practices (e.g., OWASP Top 10)
- Collaborate with DevOps teams to ensure secure CI/CD pipelines
- Assist in incident response and root cause analysis for security issues
- Conduct security training and awareness sessions for developers
- Track and report security metrics and overall risk posture
What We Offer
- Individual career path
- Access to countless trainings and certification offerings
- A knowledge sharing culture
- An environment where you are actively contributing your ideas
- The possibility to work in projects in one of the largest IT companies
Required Technical And Professional Expertise
- 5+ years of experience in Application Security / Product Security / Secure Development
- Strong understanding of:
  - OWASP Top 10 vulnerabilities
  - Secure coding principles
  - Web and API security
- Hands-on experience with:
  - SAST (e.g., Checkmarx, Fortify)
  - DAST (e.g., Burp Suite, OWASP ZAP)
  - SCA tools (e.g., Snyk, Black Duck)
  - IAST tools (good to have)
- Experience in at least one programming language (e.g., Java, Python, JavaScript, Go)
- Familiarity with:
  - CI/CD tools (Jenkins, GitHub Actions, GitLab CI)
  - Cloud platforms (AWS, Azure, or GCP)
- Good understanding of authentication and authorization mechanisms (OAuth, JWT, SSO)
- Strong problem-solving and communication skills
- Fluent in English and German (at least C1 level)
- Swiss or EU nationality, or valid Swiss work permit.
Preferred Technical And Professional Experience
- Experience with threat modeling methodologies (STRIDE, PASTA)
- Knowledge of container security (Docker, Kubernetes)
- Experience working in Agile/DevSecOps environments
- Certifications such as CEH, OSCP, CSSLP, GWAPT
- Domain-Specific Advantage (SAP Security)
  - Experience with SAP Application Security
  - Knowledge of ABAP secure coding practices
  - Hands-on experience with SAP Code Vulnerability Analyzer (CVA)
  - Familiarity with identifying and remediating SAP/ABAP vulnerabilities