Striving for excellence is in our DNA. Since 1993, we have been helping the world’s leading companies imagine, design, engineer, and deliver software and digital experiences that change the world. We are more than just specialists, we are experts.
Currently we are looking for a Senior Security Testing Engineer for our Krakow office to make the team even stronger.
As an Application/Information Security Engineer, you will help EPAM's clients to assess the security level of their infrastructure, web and mobile applications. This position requires advanced technical depth and experience, technical leadership, and multi-faceted communication skills. Scope and tasks may vary depending on the customer's needs. You may be involved in the full project security lifecycle from analysis and planning to development and deployment, as well as assisting with pre-sales opportunities and delivering security-related training. Along with this, you may be engaged to perform short-term pentests, either acting as an insider (internal penetration test) or performing an external penetration test, in which you will simulate an attack via the Internet. Both engagement types may require either penetration testing or vulnerability assessment.
Scoping and estimating tasks, as well as managing multiple tasks with minimal supervision;
Demonstrating considerable knowledge of planning and team management specific to security assessment;
Conducting vulnerability assessments and penetration testing;
Collaborating with technical and management personnel across the full security assessment life cycle;
Utilizing problem-solving skills, especially when troubleshooting complex issues, while identifying options and/or alternatives;
Documenting all disclosed issues using different reporting formats;
Providing remediation suggestions to correct disclosed issues;
Collaborating with personnel responsible for writing and presenting proposals to prospective clients;
Managing and contributing to planning, coordination and successful completion of security engagements.
Certification in security field;
Penetration testing experience;
Understanding of and practical experience in the security audit process, meeting security compliance requirements (ISO, PCI DSS, HIPAA) and methodologies (OSSTMM, OWASP, PTES);
Ability to perform evaluation of application requirements, processes, technologies;
Ability to select, educate and communicate the right solution based on client requirements and objectives;
Experience in different exploitation tools and frameworks (Metasploit, BeEF, SQLMap, etc.);
Experience in different vulnerability scanners (Acunetix, Nessus, etc.);
Ability to resolve technical problems when required;
Ability to develop custom scripts needed for specific assessment purposes (Python, bash, PowerShell);
Ability to explain assessment results to technical and non-technical personnel;
Experience in development of security-related documentation;
Ability to develop, implement and guide the security assessment process on the project;
Experience in security testing of Web Applications based on different technologies (.Net, Java, PHP);
Experience in security testing of Web Services (SOAP, RESTful);
Experience in security testing of Mobile Applications (iOS, Android, Windows Mobile);
Previous experience as a Software Engineer or knowledge of software development methodologies is desired, but not mandatory;
Experience in security testing of infrastructure.
Possibility to be involved in an international project (Canada, China, Hong Kong, Mexico, USA, Switzerland, Germany, Sweden, United Kingdom, Russia, Belarus, Ukraine, Hungary, etc.);
Language classes (English and Polish);
Vast opportunities for self-development: online courses and library, experience exchange with colleagues around the world, partial grant of certification;
Career development center;
Possibility to take part in both corporate and startup environments;
Possibility to relocate for short and long-term projects;
Relocation package for those who relocate to Krakow, Wroclaw, or Gdansk from other locations;
Benefit package (health care, multisport, lunch tickets, petrol vouchers and shopping vouchers, etc.);
Fruits on a weekly basis;
Sponsored sport activities, E-sport program;
We kindly ask you to include the following clause in your application: "Wyrażam zgodę na przetwarzanie moich danych osobowych zawartych w mojej ofercie pracy dla potrzeb niezbędnych do realizacji procesu rekrutacji zgodnie z ustawą z dnia 29 sierpnia 1997 r. o ochronie danych osobowych (Dz. U. z 2002 r. Nr 101, poz. 926, ze zm.)";
Please note that only selected candidates will be contacted.