Application Developer Java

**Introduction** As part of transformation programs and the securing of application exchanges (APIs, microservices, internal/external services, partners), we are looking for a cybersecurity architect specialized in strong authentication for exchanges, covering both M2M flows (partners, internal services, microservices, etc.) and H2M flows (web/mobile applications consuming APIs). The role focuses on bringing systems into compliance, designing, deploying, and operating strong authentication mechanisms based primarily on mTLS/mSSH, in close collaboration with security teams, network teams, cloud/on‑prem platforms, application teams, and API Management teams (API Gateway, including Apigee, integrated with a digital vault such as a Credential Management Server). **Your role and responsibilities** Ensure the design, implementation, and industrialization of secure exchanges. The role aims to guarantee a high level of requirements regarding: * Mutual authentication of machine identity using X509 v3 certificates / SSH keys (M2M) and user/machine identity (M2M via API). * Strong knowledge of PKI infrastructures, X509 v3 certificates, and SSH keys. * SSL/TLS/SSH protocols. * Use of tools to test and demonstrate that communications are mutually authenticated beforehand (OpenSSL, Curl, PowerShell, Unix shell, etc.). * Traceability, compliance, and related documentation. Responsibilities * Architecture & design (H2M & M2M) * mTLS implementation & certificate management (including API Gateway) * Secrets, keys & automation * Security, compliance & operations Expected deliverables * Technical documentation, especially on the "Authentication" of remediated applications. * Authentication standards & patterns for H2M/M2M (mTLS, OAuth2/OIDC, JWT, certificate/secret management). * UAT Books per application: procedures, sign‑off, expected/actual results (Excel format) * Applications equipped with strong authentication features, implemented, tested, validated, and deployed to production. **Required technical and professional expertise** Technical skills (must-have) * Mastery of TLS / mTLS (handshake, chains, ciphers, troubleshooting). * PKI experience: CA, CRL/OCSP, rotation, revocation. * IAM knowledge. * Hands-on experience with secrets/keys management tools (Vault / KMS / HSM or equivalents). * API & integration environments: API Gateway (including Apigee), reverse proxy, WAF, PAM, EPM (depending on context). Soft skills * Ability to simplify and guide application teams (dev, ops, SRE). * Rigor, attention to detail (crypto/TLS), "security by design" mindset. * Autonomy, analytical skills, results-oriented. **Preferred technical and professional experience** Profficiency of French language IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.