Application Security Engineer
Company EPAM
Location Remote, USA
Preferred GIAC Certifications GWEB, GCSA or GWAPT
Travel 0%
Salary Competitive
Contact Name Alex
Contact Email ahstanford/at/
Expires 2023-01-24

Job Description

If you’re looking for a dynamic career in a large company that still has the start-up mindset, experiences fast professional growth deeply connected to technology EPAM will be the ideal place for you to shine.

EPAM is looking for an Application Security Engineer to join the Security practice to work directly with our biggest enterprise customers.

Lead and coordinate Security Audits across the software development lifecycle: from Architecture, Process, Risk to Testing
Establish secure software development lifecycle (SSDLC) programs
Support software development teams in secure development methodologies, tools, and processes
Train Software Development teams in the areas of secure development
Building Secure Architecture and Design for the projects
Communicate with customers and teams, be able to convey the message about importance of Secure Software development Life Cycle, the ways of establishing it
Cooperate with all sub-teams: BAs, Developers, QAs; build consistent understanding of Security Requirements, main Threats, Mitigations implemented
Be able to communicate and coordinate work with other Security Teams – Cloud Security Engineers, Infrastructure Security Engineers or Penetration Testers

Software Development or Security-focused university degree OR equivalent experience
Motivation to develop and grow in the field of Security
Familiarity in one or more Security Development methodologies (e.g., Microsoft SDL, OWASP OpenSAMM, BSIMM etc.)
Familiarity of security threats and attack scenario, such as OWASP Top 10, Mitre Att@ck framework
Familiarity with Threat Modeling, hands-on experience with one or more Threat Modeling Tools
Familiarity with the one or more tools in the following categories: Static Code Analysis, Static / Dynamic Application Security Testing, Penetration Testing, Intrusion Detection/ Prevention
Understanding of main Security-related activities in development such as Security Requirements gathering, Risk Assessment, Security Code Review
Familiarity with of security threat, their implementation, and their classification
Understanding of main security concepts and principles
Understanding of main areas of protection and levels of defense

Knowledge of Security Features and Mechanisms provided by at least one OS and development platform/technologies
Understanding of mitigation mechanisms of threats
Familiarity of DevOps principles: CI/CD, test automation, shift-left security, and shared responsibility models
Familiarity with existing security standards and regulations experience of requirements implementation
Understanding of basic principles of infrastructure security and penetration testing
Experience with cloud security controls and policies
Relevant certifications such as CISSP, CCSP, SANS GIAC or similar qualifications are a considered an advantage

Medical, Dental and Vision Insurance (Subsidized)
Health Savings Account
Flexible Spending Accounts (Healthcare, Dependent Care, Commuter)
Short-Term and Long-Term Disability (Company Provided)
Life and AD&D Insurance (Company Provided)
Employee Assistance Program
Unlimited access to LinkedIn learning solutions
Matched 401(k) Retirement Savings Plan
Paid Time Off
Legal Plan and Identity Theft Protection
Accident Insurance
Employee Discounts
Pet Insurance
Employee Stock Purchase Program

EPAM is a leading global provider of digital platform engineering and development services. We are committed to having a positive impact on our customers, our employees, and our communities. We embrace a dynamic and inclusive culture. Here you will collaborate with multi-national teams, contribute to a myriad of innovative projects that deliver the most creative and cutting-edge solutions, and have an opportunity to continuously learn and grow. No matter where you are located, you will join a dedicated, creative, and diverse community that will help you discover your fullest potential

This position operates in a remote capacity, but you must live within driving distance to an EPAM office. Your recruiter will discuss specific details about work location during the initial interview process