Application Security Architect Budapest, Hungary or Remote
Application Security Architect Description
Job #: 74396No less important is the safety, well-being and experience of our applicants. Therefore, until further notice, all EPAM employment interviews will be conducted remotely. Our recruitment professionals and hiring managers are standing by to ensure a robust and engaging virtual candidate experience. We look forward to speaking with you!
DESCRIPTION
EPAM is looking for an Application Security Architect to join the Security practice to work directly with our biggest enterprise customers.
Responsibilities
- Lead and coordinate Security Audits across the software development lifecycle: from Architecture, Process, Risk to Testing
- Establish secure software development lifecycle (SSDLC) programs
- Support software development teams in secure development methodologies, tools, and processes
- Train Software Development teams in the areas of secure development
- Building Secure Architecture and Design for the projects
- Communicate with customers and teams, be able to convey the message about importance of Secure Software development Life Cycle, the ways of establishing it
- Cooperate with all sub-teams: BAs, Developers, Qas; build consistent understanding of Security Requirements, main Threats, Mitigations implemented
- Be able to communicate and coordinate work with other Security Teams – Cloud Security Engineers, Infrastructure Security Engineers or Penetration Testers
Requirements
- Software Development or Security-focused university degree OR equivalent experience
- Motivation to develop and grow in the field of Security
- Familiarity in one or more Security Development methodologies (e.g. Microsoft SDL, OWASP OpenSAMM, BSIMM etc)
- Familiarity with Threat Modeling, hands-on experience with one or more Threat Modeling Tools
- Understanding of main Security-related activities in development such as Security Requirements gathering, Risk Assessment, Security Code Review
- Familiarity with of security threat, their implementation and their classification
- Understanding of main security concepts and principles
- Understanding of main areas of protection and levels of defense
Nice to have
- Familiarity with the one or more cybersecurity tools in the following categories: Static Code Analysis, Penetration Testing, Intrusion Detection/ Prevention
- Knowledge of Security Features and Mechanisms provided by at least one OS and development platform/technologies
- Understanding of mitigation mechanisms for every type of threats
- Familiarity with existing security standards and regulations experience of requirements implementation
- Understanding of basic principles of infrastructure security and penetration testing
- Experience with cloud security controls and policies
- Relevant certifications such as CISSP, CCSP, SANS GIAC or similar qualifications are a considered an advantage
We offer
- Dynamic, entrepreneurial, high speed, high growth corporate environment
- Diverse multicultural, multi-functional, and multilingual work environment
- Opportunities for personal and career growth in a progressive industry
- Global scope, international projects
- Widespread training and development opportunities
- Unlimited access to LinkedIn learning solutions
- Competitive salary and various benefits
- Sport and social teams support, recreation area, advanced CSR programs