OpenJDK Security Developer

Introduction

At IBM Software, we transform client challenges into solutions. Building the world’s leading AI-powered, cloud-native products that shape the future of business and society. Our legacy of innovation creates endless opportunities for IBMers to learn, grow, and make an impact on a global scale. Working in Software means joining a team fueled by curiosity and collaboration. You’ll work with diverse technologies, partners, and industries to design, develop, and deliver solutions that power digital transformation.

With a culture that values innovation, growth, and continuous learning, IBM Software places you at the heart of IBM’s product and technology landscape. Here, you’ll have the tools and opportunities to advance your career while creating software that changes the world.

The IBM OpenJDK team is looking for a Software Developer to join our security team. As a key member of our dynamic team, you will be working directly with the upstream community of OpenJDK on bug fixes and backports and to generally help us maintain our growing list of supported versions of OpenJDK.

• Help develop and maintain OpenJDK:
  Design, code, test bugfixes, backports and new features, work on the security reviews, analyze the code base for security vulnerabilities, perform static analysis and threat analysis, help develop security standards such as FIPS and Post Quantum Cryptography and integrate the implementation into the RHEL ecosystem.
• Debug Customer-Reported Problems:
  Design, develop, and unit test code fixes for customer-reported problems, collaborating with stakeholders to resolve issues efficiently.
• Deliver Offerings:
  Deliver high-quality offerings using leading-edge and/or proven technologies, meeting stakeholder requirements and expectations.
• Collaborate in Agile Environment:
  Work collaboratively in an Agile environment to understand stakeholder requirements, aligning solutions with business needs and goals.
• Work on Open Source code with an upstream first approach.

Preferred Education:

Bachelor's Degree

• Software Development Expertise:
  Strong background in software development and debugging, demonstrating expertise in programming languages, in particular Java and C++, and in reviewing and analyzing code.
• Strong background in cryptography standards and secure coding practices, with the ability to assess and strengthen security posture.
• Advanced problem-solving skills, including the ability to analyze intricate code interactions, identify vulnerabilities, and develop robust fixes.
• Experience maintaining and enhancing legacy or long-standing production software systems.
• Vulnerability Management and Threat Prevention:
  Extensive experience in security testing, vulnerability analysis and risk assessments, protocol analysis, encryption, understanding of access controls rules, authentication, firewalls, phishing and unauthorized access, etc.

• Deep understanding of JVM or OpenJDK internals, runtime subsystems, or similar system-level software.
• Strong background in advanced security testing, penetration testing, or code-breaking activities.
• Experience with cryptographic frameworks or compliance standards such as FIPS or post-quantum cryptography.
• Having a role (Author, Committer, Reviewer, etc.) with the upstream OpenJDK project is a plus.
• Experience with penetration testing, FIPD and Post Quantum cryptography and white hacking are highly desired.