Secure Development Analyst (AppSec / DevSecOps)

On-siteSalary not specified
Argentina

Job Description, Responsibilities & Requirements

About the Position

We are looking for a Secure Development Analyst to operate and enhance our DevSecOps capabilities, strengthening CI/CD delivery by embedding automated security controls and actionable guidance for engineering teams. You will help keep our Jenkins + Podman ecosystem running smoothly while partnering with developers to reduce risk.

Responsibilities

  • Operate DevSecOps infrastructure supporting Veracode scans across the Jenkins + Podman stack
  • Maintain and improve CI/CD pipelines by adding automated controls for SAST, SCA, DAST, secret scanning, and container image analysis
  • Design security gates that reduce risk while preserving developer velocity
  • Integrate and maintain tooling connections across Bitbucket, SonarQube, and JFrog Artifactory
  • Triage security findings, prioritize remediation work, and support teams through resolution
  • Perform early interventions in agile delivery by conducting design reviews and story reviews against defined standards
  • Collaborate with development and architecture teams to promote secure coding practices and consistent implementation of security requirements

Requirements

  • 2+ years of experience in AppSec, DevSecOps, DevOps, or development roles with a security focus
  • Hands-on experience with Jenkins, including declarative pipelines, shared libraries, and agent management
  • Hands-on experience with Podman for containerized build and scan workflows
  • Project experience operating and evolving DevSecOps infrastructure supporting SAST/SCA/DAST workflows
  • Strong knowledge of secure development frameworks and standards: NIST SSDF (SP 800-218), OWASP ASVS, OWASP SAMM, OWASP Top 10 (Web/API/LLM/Mobile), SEI CERT, MITRE ATT&CK, and CWE Top 25
  • Solid understanding of security testing approaches and tools (SAST, SCA, DAST, IAST, and secret scanning)
  • Working knowledge of container ecosystems and orchestration (Docker, Kubernetes/OpenShift) and image scanning concepts
  • Proficiency with CI/CD and repository integrations such as Bitbucket/Git, SonarQube, and JFrog Artifactory
  • Familiarity with cloud platforms (AWS, Azure, or GCP) and CIS Benchmarks
  • Skills in development languages and stacks, with the ability to read and analyze source code (Java, Node.js, JavaScript/TypeScript, Python, Go, .NET)
  • Knowledge of auth and federation (OIDC, OAuth 2.0, SAML, JWT, mTLS) and IDPs such as Keycloak
  • Background in secure transport protocols (SSL/TLS), PKI, and secret management (Vault, secrets managers)
  • Threat modeling experience with STRIDE, PASTA, or attack trees
  • Knowledge of best practices to prevent attacks (OWASP) and knowledge of common vectors in web applications and APIs
  • Good communication skills to explain findings clearly and propose pragmatic fixes
  • English proficiency at a B1+ level

Nice to Have

  • Computer science student or graduate (or related field)
  • Experience with Veracode, Checkmarx, Snyk, Semgrep, or GitLeaks

We Offer

  • Opportunity to work with a leading technology company, EPAM Systems
  • Hybrid work model in Córdoba, Argentina
  • Competitive contractor terms

About the Company

EPAM Systems is a next-generation global technology platform and digital transformation partner, empowering enterprises to accelerate innovation and optimize operations. We deliver end-to-end technology solutions and services, leveraging our deep industry expertise and cutting-edge technologies.

Job Details

Company name:
EPAM
Location:
Argentina
Work Mode:
On-site
Posted on TheJob:
Jul 5, 2026
Last checked:
Jul 5, 2026
Posted on the source:
Jul 2, 2026
Apply Now
© 2026 TheJob, Inc. All rights reserved.