We are seeking a talented DevOps Security (DevSecOps) professional to join EPAM’s Security practice, which is dedicated to serving our renowned clients in the Hospitality and Tourism sector.
In this pivotal role, the successful candidate will be instrumental in integrating and maintaining security measures throughout the application development and deployment processes to uphold and enhance security standards.
We accept CVs in English only.

REQUIREMENTS

• 2+ years of Software Development or Security-focused experience
• High motivation for development and growth within the security field
• Familiarity with Security Development methodologies (e.g., Microsoft SDL, OWASP OpenSAMM, BSIMM)
• Familiarity with OWASP Top 10 security threats and attack scenarios
• Hands-on experience with Threat Modeling and familiarity with Threat Modeling Tools
• Familiarity with tools for Static Code Analysis, Static / Dynamic Application Security Testing, Penetration Testing, Intrusion Detection / Prevention
• Understanding of core Security-related activities within development including Security Requirements gathering, Risk Assessment, Security Code Review
• Experience with PCI DSS and GDPR security standards and their implementation requirements
• Understanding of main security concepts, principles, areas of protection, levels of defense, threats mitigation mechanisms, and basic principles of infrastructure security and penetration testing
• Proficiency in cloud security controls and policy implementation on AWS
• Fluent English communication skills at a B2+ level

• Support the coordination of EPAM, customer, and QSA efforts for PCI annual certification
• Embed security controls within development and deployment pipelines
• Automate security processes to maintain pace with DevOps deployment cycles
• Establish Secure Software Development Lifecycle (SSDLC) programs
• Train software development teams on secure development methodologies and tools
• Review and recommend robust security architecture in AWS
• Communicate the significance of a Secure Software development Life Cycle with customer and teams
• Work across teams — including BAs, TLs, Developers, and QA — ensuring consistent understanding of security requirements and implemented mitigations
• Collaborate and coordinate with other security teams such as Cloud Security Engineers or Penetration Testers
• Conduct risk assessments, identify vulnerabilities and recommend mitigation measures
• Develop and implement incident response plans
• Perform regular code reviews and security tests including both static and dynamic analysis
• Align security activities with business stakeholders and goals