Senior Security Test Engineer

at  EPAM Systems Inc

EPAM is a leading global provider of digital platform engineering and development services. We are committed to having a positive impact on our customers, our employees, and our communities. We embrace a dynamic and inclusive culture. Here you will collaborate with multi-national teams, contribute to a myriad of innovative projects that deliver the most creative and cutting-edge solutions, and have an opportunity to continuously learn and grow. No matter where you are located, you will join a dedicated, creative, and diverse community that will help you discover your fullest potential.
We are looking for a Senior Security Test Engineer to play a critical role in ensuring the security of our web and mobile applications and underlying infrastructure.
You will be responsible for conducting periodic penetration tests, providing guidance on secure coding practices, configuring and monitoring web application firewalls (WAF), and responding to security incidents. Your expertise in secure software development lifecycle (SDLC) and familiarity with security tools will help strengthen our security posture and protect our systems from potential threats.

REQUIREMENTS

• 3+ years of experience in Security Testing
• Strong understanding of secure software development lifecycle (SDLC) and best practices
• Familiarity with security tools such as OWASP ZAP, OWASP Dependency Track, Burp Suite, and others
• Experience with vulnerability assessment tools like Snyk, SonarQube, Trivy
• Proven track record of performing penetration tests on web, mobile applications, and infrastructure
• Ability to provide actionable guidance to development teams on secure coding practices
• Experience working with external vendors for penetration testing and other security services
• Skilled in security incident response and resolution
• Proficiency in configuring and monitoring Web Application Firewalls (WAF)
• Excellent communication and collaboration skills to effectively follow up on remediation and security findings

• Conduct periodic penetration tests of web and mobile applications to identify vulnerabilities and security weaknesses
• Perform penetration tests on underlying infrastructure, including Kubernetes clusters, to ensure robust security measures are in place
• Provide guidance and support to the development team on secure coding practices to prevent security vulnerabilities
• Collaborate with external penetration testing vendors to execute comprehensive security assessments
• Respond promptly to security incidents and participate in incident resolution and post-mortem analysis
• Configure and monitor Web Application Firewalls (WAF) to detect and mitigate security threats in real time
• Follow up on the remediation of identified vulnerabilities to ensure timely resolution and risk mitigation
• Review and follow up on security findings from penetration tests, vulnerability assessments, and code reviews to maintain a high security standard
• Enhance the Continuous Integration/Continuous Deployment (CI/CD) pipeline by implementing quality gates that prevent or quickly report security vulnerabilities