DESCRIPTION: Do you have a systems engineering background and strong knowledge of security?
Are you an open-minded professional with good English skills?
If this sounds like you, this could be the perfect opportunity to join EPAM as a Senior Application Security Engineer.
Our teams work in highly agile working environments for Fortune 1000 clients, following XP practices and best CI/CD practices.
We are looking for an experienced Application Security Engineer to ensure the architectural safety of our digital portfolio.
You will work hand-in-hand with our Security Architect to implement secure coding guidelines, conduct thorough code reviews, and facilitate threat modeling in the medical product development lifecycle.
WHAT YOU'LL DO: Drive Security Architecture & Solutions in collaboration with the Security Architect for our core digital portfolio and future products.
Conduct extensive Threat Modeling and analyze weaknesses within the system.
Work hand-in-hand with Security Architecture to embed Security-by-Design and Threat Modeling practices into the product development cycle.
Implement secure coding practices and provide secure libraries, ensuring the software is safeguarded at a foundational level.
Provide guidance on secure coding practices and conduct thorough code reviews, guiding the development team in addressing potential security issues.
Define global security models across core business verticals, ensuring secure integration with backend systems.
Develop appropriate technical and organizational security controls to mitigate identified risks, including encryption, access controls, and authentication mechanisms.
Execute Security-By-Design principles and contribute to driving Product Security Excellence.
Conduct security awareness training for employees developing, deploying, and maintaining medical devices.
WHAT YOU HAVE: Bachelor's Degree in Computer Science, Cybersecurity OR equivalent experience.
5+ years of experience in Application Security, preferably in the medical or healthcare sector.
Expertise in secure coding practices and in-depth knowledge of at least one programming language, including but not limited to .NET, Python, and JavaScript.
Familiarity with threat modeling methodologies and tools such as STRIDE, DREAD, or Attack Trees.
Advanced interpersonal skills with the ability to articulate complex technical concepts to non-technical personnel and conduct effective security awareness training.
Expertise with common security libraries, security controls, and common security flaws.
Security Knowledge: Solid understanding of network access, identity, access management, applied cryptography, network security methodologies, and secure software development methodologies.
Deep expertise in more than one of the following areas: API security, Cryptography, Identity and Access Management, Application Security practices.
NICE TO HAVE: Relevant certifications such as Certified Application Security Engineer (CASE) or similar