Chief Application Security Architect at EPAM Systems Inc
From home, Río Negro, Argentina
Full Time


Start Date

Immediate

Expiry Date

06 May, 25

Salary

0.0

Posted On

07 Feb, 25

Experience

0 year(s) or above

Remote Job

No

Telecommute

No

Sponsor Visa

No

Skills

Penetration Testing, Protection, Requirements Gathering, Infrastructure Security, Security, AWS, Software Development, Threat Modeling, Security Testing, Defense, Risk Assessment, Code Review, Security Controls

Industry

Information Technology/IT

Description

EPAM is looking for a Chief Application Security Architect to join its Security practice, and work directly with one of our enterprise customers in the Hospitality and Tourism industry.
EPAM is a leading global provider of digital platform engineering and development services. We are committed to having a positive impact on our customers, our employees, and our communities. We embrace a dynamic and inclusive culture. Here you will collaborate with multi-national teams, contribute to a myriad of innovative projects that deliver the most creative and cutting-edge solutions, and have an opportunity to continuously learn and grow. No matter where you are located, you will join a dedicated, creative, and diverse community that will help you discover your fullest potential.

REQUIREMENTS

  • Software Development or Security-focused university degree OR equivalent experience
  • Motivation to develop and grow in the field of Security
  • Familiarity with one or more Security Development methodologies (e.g., Microsoft SDL, OWASP OpenSAMM, BSIMM)
  • Familiarity with security threats and attack scenarios, such as the OWASP Top 10
  • Familiarity with Threat Modeling, hands-on experience with one or more Threat Modeling tools
  • Familiarity with one or more tools in the following categories: Static Code Analysis, Static/Dynamic Application Security Testing, Penetration Testing, Intrusion Detection/Prevention
  • Understanding of main Security-related activities in development, such as Security Requirements gathering, Risk Assessment, and Security Code Review
  • Familiarity with security threats, their implementation, and their classification
  • Familiarity with existing PCI DSS and GDPR security standards, and experience with requirements implementation
  • Understanding of main security concepts and principles
  • Understanding of main areas of protection and levels of defense
  • Understanding of threat mitigation mechanisms
  • Understanding of basic principles of infrastructure security and penetration testing
  • Experience with cloud security controls and policies on top of AWS

RESPONSIBILITIES

  • Lead and coordinate Security Audits across the software development lifecycle: from Architecture, Process, Risk to Testing
  • Lead the PCI annual certification process by coordinating EPAM, customer and QSA efforts
  • Establish secure software development lifecycle (SSDLC) programs
  • Support software development teams in secure development methodologies, tools, and processes
  • Train Software Development teams in the areas of secure development
  • Build secure architecture and design for projects
  • Communicate with customers and teams, and be able to convey the message about the importance of a Secure Software Development Life Cycle and the methods for establishing it
  • Cooperate with all sub-teams - BAs, Developers, QAs - to build a consistent understanding of Security Requirements, main Threats, and Mitigations implemented
  • Be able to communicate and coordinate work with other Security Teams, including Cloud Security Engineers, Infrastructure Security Engineers, and Penetration Testers