Application Security Architect

EPAM·Hungary·Удалённо, Офис·1 мес. назад

EPAM is looking for an Application Security Architect to join the Security practice to work directly with our biggest enterprise customers.

Lead and coordinate Security Audits across the software development lifecycle: from Architecture, Process, Risk to Testing
Establish secure software development lifecycle (SSDLC) programs
Support software development teams in secure development methodologies, tools, and processes
Train Software Development teams in the areas of secure development
Building Secure Architecture and Design for the projects
Communicate with customers and teams, be able to convey the message about importance of Secure Software development Life Cycle, the ways of establishing it
Cooperate with all sub-teams: BAs, Developers, Qas; build consistent understanding of Security Requirements, main Threats, Mitigations implemented
Be able to communicate and coordinate work with other Security Teams – Cloud Security Engineers, Infrastructure Security Engineers or Penetration Testers

Software Development or Security-focused university degree OR equivalent experience
Motivation to develop and grow in the field of Security
Familiarity in one or more Security Development methodologies (e.g. Microsoft SDL, OWASP OpenSAMM, BSIMM, etc.)
Familiarity with Threat Modeling, hands-on experience with one or more Threat Modeling Tools
Understanding of main Security-related activities in development such as Security Requirements gathering, Risk Assessment, Security Code Review
Familiarity with of security threat, their implementation and their classification
Understanding of main security concepts and principles
Understanding of main areas of protection and levels of defense

Familiarity with the one or more cybersecurity tools in the following categories: Static Code Analysis, Penetration Testing, Intrusion Detection/ Prevention
Knowledge of Security Features and Mechanisms provided by at least one OS and development platform/technologies
Understanding of mitigation mechanisms for every type of threats
Familiarity with existing security standards and regulations experience of requirements implementation
Understanding of basic principles of infrastructure security and penetration testing
Experience with cloud security controls and policies
Relevant certifications such as CISSP, CCSP, SANS GIAC or similar qualifications are a considered an advantage
Experience with Cloud Security