Responsibilities

• Lead and coordinate Security Audits across the software development lifecycle: from Architecture, Process, Risk to Testing
• Establish secure software development lifecycle (SSDLC) programs
• Support software development teams in secure development methodologies, tools, and processes
• Train Software Development teams in the areas of secure development
• Building Secure Architecture and Design for the projects
• Communicate with customers and teams, be able to convey the message about importance of Secure Software development Life Cycle, the ways of establishing it
• Cooperate with all sub-teams: BAs, Developers, QAs; build consistent understanding of Security Requirements, main Threats, Mitigations implemented
• Be able to communicate and coordinate work with other Security Teams – Cloud Security Engineers, Infrastructure Security Engineers, or Penetration Testers

Requirements

• Software Development or Security-focused university degree OR equivalent experience
• Motivation to develop and grow in the field of Security
• Familiarity in one or more Security Development methodologies (e.g., Microsoft SDL, OWASP OpenSAMM, BSIMM etc.)
• Familiarity of security threats and attack scenario, such as OWASP Top 10, Mitre Attack framework
• Familiarity with Threat Modeling, hands-on experience with one or more Threat Modeling Tools
• Familiarity with the one or more tools in the following categories: Static Code Analysis, Static / Dynamic Application Security Testing, Penetration Testing, Intrusion Detection/ Prevention
• Understanding of main Security-related activities in development such as Security Requirements gathering, Risk Assessment, Security Code Review
• Familiarity with of security threat, their implementation and their classification
• Understanding of main security concepts and principles
• Understanding of main areas of protection and levels of defense

Nice to have

• Knowledge of Security Features and Mechanisms provided by at least one OS and development platform/technologies
• Understanding of mitigation mechanisms of threats
• Familiarity of DevOps principles: CI/CD, test automation, shift-left security and shared responsibility models
• Familiarity with existing security standards and regulations experience of requirements implementation
• Understanding of basic principles of infrastructure security and penetration testing
• Experience with cloud security controls and policies
• Relevant certifications such as CISSP, CCSP, SANS GIAC or similar qualifications are a considered an advantage

We offer

• Team & working conditions:
  • Friendly team and enjoyable working environment
  • Engineering community of industry’s professionals
  • Flexible schedule and opportunity to work remotely
  • Relocation within our offices
  • Corporate and social events
  • Benefits package (health insurance, multisport, shopping vouchers)
• Stable income:
  • Employment Contract or B2B
  • Regular assessments and salary reviews
  • Participation in the Employee Stock Purchase Plan
  • Referral bonuses
• Career development:
  • Innovative solutions delivery and engineering excellence
  • Outstanding career roadmap
  • Leadership development, career advising, soft skills and well-being programs
  • Certification (GCP, Azure, AWS)
  • Unlimited access to LinkedIn Learning, Get Abstract, O’Reilly, Cloud Guru
  • Language classes on English and Polish for foreigners
• Please note that only selected candidates will be contacted

WHY EPAM