Application Security Architect

EPAM·Croatia·Удалённо·1 мес. назад

EPAM is looking for an Application Security Architect to join the Security practice to work directly with our biggest enterprise customers.

Lead and coordinate Security Audits across the software development lifecycle: from Architecture, Process, Risk to Testing
Establish secure software development lifecycle (SSDLC) programs
Support software development teams in secure development methodologies, tools, and processes
Train Software Development teams in the areas of secure development
Building Secure Architecture and Design for the projects
Communicate with customers and teams, be able to convey the message about importance of Secure Software development Life Cycle, the ways of establishing it
Cooperate with all sub-teams: BAs, Developers, Qas; build consistent understanding of Security Requirements, main Threats, Mitigations implemented
Be able to communicate and coordinate work with other Security Teams – Cloud Security Engineers, Infrastructure Security Engineers or Penetration Testers

Software Development or Security-focused university degree OR equivalent experience
Motivation to develop and grow in the field of Security
Familiarity in one or more Security Development methodologies (e.g. Microsoft SDL, OWASP OpenSAMM, BSIMM, etc.)
Familiarity with Threat Modeling, hands-on experience with one or more Threat Modeling Tools
Understanding of main Security-related activities in development such as Security Requirements gathering, Risk Assessment, Security Code Review
Familiarity with of security threat, their implementation and their classification
Understanding of main security concepts and principles
Understanding of main areas of protection and levels of defense

Knowledge of cybersecurity tools within categories such as Static Code Analysis, Penetration Testing, and Intrusion Detection/Prevention
Understanding of Security Features and Mechanisms within one or more OS or development platforms/technologies
Skills in implementing mitigation mechanisms for different types of threats
Competency in working with established security standards and regulations and implementing their requirements
Familiarity with foundational principles of infrastructure security and penetration testing
Expertise in cloud security controls and policies
Relevant certifications like CISSP, CCSP, SANS GIAC or similar qualifications are beneficial
Background in Cloud Security

Похожие вакансии