Job Description, Responsibilities & Requirements
About the Position
EPAM is looking for an Application Security Architect to join the Security practice to work directly with our biggest enterprise customers.
Responsibilities
- Lead and coordinate Security Audits across the software development lifecycle: from Architecture, Process, Risk to Testing
- Establish secure software development lifecycle (SSDLC) programs
- Support software development teams in secure development methodologies, tools, and processes
- Train Software Development teams in the areas of secure development
- Build Secure Architecture and Design for the projects
- Communicate with customers and teams, be able to convey the message about the importance of Secure Software Development Life Cycle, the ways of establishing it
- Cooperate with all sub-teams: BAs, Developers, QAs; build consistent understanding of Security Requirements, main Threats, Mitigations implemented
- Be able to communicate and coordinate work with other Security Teams – Cloud Security Engineers, Infrastructure Security Engineers, or Penetration Testers
Requirements
- Software Development or Security-focused university degree OR equivalent experience
- Motivation to develop and grow in the field of Security
- Familiarity in one or more Security Development methodologies (e.g. Microsoft SDL, OWASP OpenSAMM, BSIMM, etc.)
- Familiarity with Threat Modeling, hands-on experience with one or more Threat Modeling Tools
- Understanding of main Security-related activities in development such as Security Requirements gathering, Risk Assessment, Security Code Review
- Familiarity with security threats, their implementation, and their classification
- Understanding of main security concepts and principles
- Understanding of main areas of protection and levels of defense
Nice to Have
- Familiarity with one or more cybersecurity tools in the following categories: Static Code Analysis, Penetration Testing, Intrusion Detection/ Prevention
- Knowledge of Security Features and Mechanisms provided by at least one OS and development platform/technologies
- Understanding of mitigation mechanisms for every type of threat
- Familiarity with existing security standards and regulations experience of requirements implementation
- Understanding of basic principles of infrastructure security and penetration testing
- Experience with cloud security controls and policies
- Relevant certifications such as CISSP, CCSP, SANS GIAC, or similar qualifications are considered an advantage
- Experience with Cloud Security
We Offer
- Opportunity to work with leading enterprise customers
- Hybrid work model in Hungary
About the Company
EPAM Systems is a global software engineering and product development company with a focus on delivering digital platforms and solutions to the world's leading companies.