Application Security Consultant Saint Petersburg, Russia

Application Security Consultant Description

Job #: 51927
#applicationsecurity #ssdlc #pentesting #threatmodeling #riskassessment

As an Application Security Architect or Application Security Consultant, you will be responsible for increasing security awareness among project teams and making products more robust and secure.

This goal tends to be very challenging and involves a wide range of activities: communicating with the customer to explain what IT security in general, and application security in particular, means; advocating a consistent approach to security throughout the whole SDLC for both the customer and the development team; tracking and helping the team with security-related activities; going deep into project details; creating security-related artifacts; contributing to security testing; etc.

Another very common case is when an Application Security Consultant is brought in at a mature stage of the SDLC for a security review of an already existing product.

Responsibilities

  • Lead and coordinate Security Audits for ongoing projects (covering Architecture, Process, Risk, Testing, etc.)
  • Work as a Security Consultant helping to establish secure development activities in the SDLC end-to-end, and be able to provide clarifications related to security in development
  • Perform Application Security Trainings for Development Teams
  • Contribute to building Secure Architecture and Design for the projects
  • Communicate with customers and teams, and be able to convey the importance of a Secure Software Development Life Cycle and the ways of establishing it
  • Cooperate with all sub-teams: BAs, Developers, QAs; build a consistent understanding of Security Requirements, main Threats, and Mitigations implemented
  • Be able to communicate and coordinate work with other Security Teams: Infrastructure Security Experts, Penetration Testers

Requirements

  • 3+ years of professional experience in the field of Software Development
  • Passion to develop in the field of Security
  • Understanding of at least one Security Development methodology (e.g. Microsoft SDL, OWASP OpenSAMM, BSIMM, etc.)
  • Understanding of main Security-related activities in development such as Security Requirements gathering, Risk Assessment, Threat Modeling, Security Code Review
  • Understanding of security threats and their classification
  • Understanding of the most common implementations of the Threats (e.g. XSS, SQL Injection, XSRF, buffer overruns, brute force, rainbow tables, DoS, etc.) and how they match the general classification
  • Understanding of main security concepts and principles
  • Understanding of main areas of protection and levels of defense

Nice to have

  • Familiarity with the tools for various security activities: Static Code Analysis, Penetration Testing, Intrusion Detection/Prevention, etc.
  • Knowledge of Security Features and Mechanisms provided by at least one OS and development platform/technologies
  • Understanding of mitigation mechanisms for every type of threat
  • Familiarity with existing security standards and regulations, experience of requirements implementation
  • Understanding of basic principles of infrastructure security and penetration testing
  • Ability to use the tools to perform actual attacks is a plus
  • Certification in any security area is a plus

We offer

  • Work with cutting-edge technologies and participation in projects in various domains (Life Science, E-commerce, Bioinformatics, GameDev, Capital Markets, etc.)
  • Opportunity to work in a distributed team on an international project
  • In-house education and training - 6,000+ courses and trainings for both technical and soft skills
  • Special educational programs for advanced specialists: Delivery Management School, Solution Architecture School, and Solution Architecture University
  • Free English courses and conversational clubs are available for you right inside our offices
  • Self-fulfillment opportunities beyond projects: we hold meetups and conferences where our employees act as speakers, invite trainers for speakers, and develop professional communities
  • Relocation opportunities, both within and outside Russia (EPAM's offices are present in 14 Russian cities as well as in 25+ countries)
  • We support flexible hours and remote work
  • Voluntary health insurance policy, including dental care, is available to you right from your first working day; in-house medical care is provided
