EPAM is looking for an experienced Senior Application Security Engineer to support our clients in improving their security posture.
You will work together with various security and non-security teams to implement secure coding guidelines, conduct thorough code reviews, integrate SAST/DAST tools into the CI/CD pipeline and facilitate threat modeling in the software development lifecycle.
Responsibilities
- Conduct security reviews and threat modeling, and review penetration test results for applications
- Collaborate with software developers and other stakeholders to remediate security vulnerabilities
- Develop and implement automated security testing tools and procedures to identify security issues
- Integrate security tools, standards, and processes into the secure software development lifecycle (SSDLC)
- Stay updated on the latest security threats and ensure our scanning rules evolve accordingly
- Educate and train developers on security best practices and security awareness
- Define and lead the security strategy and roadmap for application development
- Optimize and customize SAST processes to align with application security requirements
- Deeply understand and advocate for SAST methodologies, explaining the how and why behind their use in the development lifecycle
- Collaborate with developers to integrate SAST tools seamlessly into their workflows and CI/CD pipelines
Requirements
- 5+ years of experience in Application Security
- Strong experience with Checkmarx CxSAST or other SAST tools
- Proficiency in CxQL for writing and modifying scanning rules
- Deep understanding of SAST and its role in secure software development
- Familiarity with GitHub and integrating security scans into CI/CD pipelines
- Excellent analytical skills for interpreting scan results and improving scan accuracy
- Strong communication skills to effectively collaborate with development teams and stakeholders
- Holistic understanding of DevSecOps practices, emphasizing security integration at every phase of software development
- Fluent English communication skills at a B2+ level
Nice to have
- Experience with Python, Go or other scripting languages and automation technologies
- Basic knowledge of Cloud Platforms
- Familiarity with CI/CD tools such as Jenkins, GitLab CI/CD, or Azure DevOps
- Experience with containerization and orchestration technologies like Docker and Kubernetes
- Understanding of SecOps tools and practices, including security monitoring, incident response, and threat modeling
- Knowledge of Infrastructure as Code tools like Terraform or Ansible
- Experience with security monitoring and logging tools like ELK Stack or Prometheus
We offer
- Dynamic, entrepreneurial corporate environment
- Diverse multicultural, multi-functional, and multilingual work environment
- Opportunities for personal and career growth in a progressive industry
- Global scope, international projects
- Widespread training and development opportunities
- Unlimited access to LinkedIn learning solutions
- Competitive salary and various benefits
- Advanced wellbeing and CSR programs, recreation area
Do you know someone interested in starting a career in IT? Share our EPAM Campus programs with them, where they can enhance their knowledge in various fields online, free of charge.
EPAM is a leading global provider of digital platform engineering and development services. We are committed to having a positive impact on our customers, our employees, and our communities. We embrace a dynamic and inclusive culture. Here you will collaborate with multi-national teams, contribute to a myriad of innovative projects that deliver the most creative and cutting-edge solutions, and have an opportunity to continuously learn and grow. No matter where you are located, you will join a dedicated, creative, and diverse community that will help you discover your fullest potential.