Responsibilities

• Work with development teams to ‘shift security left’ and integrate security best practices into the software development lifecycle
• Find gaps and pain points in current processes and make recommendations
• Perform threat modeling, security architecture review and risk assessments for applications
• Provide security requirements to the development teams in the form of security user stories and contribute towards the user stories database
• Create and maintain security standards, guidelines, and documentation for development teams to follow
• Develop tools and processes to assist modeling, analysis, detection, and prevention of security threats
• Design and follow a process to help evaluate third-party vendors from a security perspective
• Make necessary updates to the Product Inventory
• Participate in the evaluation and selection of security tools and technologies that align with the organization's security goals
• Collaborate with cross-functional teams to prioritize and address security-related issues efficiently
• Develop and deliver security training programs for developers and other stakeholders to increase awareness of secure coding practices

Requirements

• Proven experience as an Application Security Architect or in a similar security-focused role (e.g., DevSecOps background)
• In-depth knowledge of software development methodologies and secure coding practices
• Strong understanding of common application vulnerabilities, attack vectors, and mitigation techniques
• Experience with security tools and technologies such as static and dynamic analysis tools, web application firewalls, etc
• Proficiency in programming languages commonly used in web development (e.g., Java, Python, JavaScript)
• Familiarity with security standards and frameworks (e.g., OWASP, NIST, ISO 27001)
• Hands-on experience with secure design patterns and architecture reviews
• Excellent communication skills to collaborate effectively with technical and non-technical stakeholders
• Strong analytical and problem-solving skills to identify and address complex security issues
• Ability to work independently and in a team, manage priorities, and deliver high-quality results within deadlines

Nice to have

• Experience with Cloud Security
• Hands-on experience in Security Testing

Benefits

• Extended Healthcare with Prescription Drugs, Dental and Vision Insurance, and Healthcare Spending Account (Company Paid)
• Maternity/Parental/Adoption Leave Top-up
• Life and AD&D Insurance (Company Paid)
• Employee Assistance Program (Company Paid)
• Unlimited access to LinkedIn learning solutions
• Long-Term Disability
• Registered Retirement Savings Plan (RRSP) with company match
• Paid Time Off
• Critical Illness Insurance
• Employee Discounts
• Employee Stock Purchase Program

About EPAM

• EPAM is a leading global provider of digital platform engineering and development services. We are committed to having a positive impact on our customers, our employees, and our communities. We embrace a dynamic and inclusive culture. Here you will collaborate with multi-national teams, contribute to a myriad of innovative projects that deliver the most creative and cutting-edge solutions, and have an opportunity to continuously learn and grow. No matter where you are located, you will join a dedicated, creative, and diverse community that will help you discover your fullest potential