Skip navigation EPAM

Security Engineer / Architect

  • Sofia, Bulgaria
  • hot
Job #: 45249
Striving for excellence is in our DNA. Since 1993, we have been helping the world’s leading companies imagine, design, engineer, and deliver software and digital experiences that change the world. We are more than just specialists, we are experts.

DESCRIPTION


EPAM is looking for an experienced Security Engineer / Architect with good communication skills to join our global team of IT professionals. A Security Engineer will be a part of the Information Security Team and will be responsible for assessing, designing, resolving and integrating security technology solutions. As a Security Architect you will be responsible for increasing Security Awareness among Project Teams and making products more robust and secure. You will work with the Development Teams, mentoring and driving them through the security baseline assessment and adopting Secure SDLC process.

Responsibilities

  • Detect and resolve security issues across whole assets of the company including databases, web applications, network devices, server, workstations, etc
  • Collaborate with Enterprise Architects, other functional area Architects and Security Specialists to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements
  • Serve as a Security Expert in application development, database design, network and/or platform (operating system) efforts, helping Project Teams comply with information security policies, industry regulations, and best practices
  • Contribute in building Secure Architecture and Design for the projects, perform Security Audits for ongoing projects: both Architecture and Implementation/Code Review
  • Work as a Security Advisor helping to establish secure development activities in SDLC end-to-end
  • Perform security trainings for Development Teams
  • Communicate with customers and teams, be able to convey the message about importance of security, the ways of establishing it and the wrong ways of enforcing it (e.g. do penetration testing before release)
  • Research, design and advocate new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners and vendors
  • Evaluate and develop secure solutions, based on approved security architectures. Analyzes business impact and exposure, based on emerging security threats, vulnerabilities and risks
  • Develop and write standard documents as they pertain to architecture or security technology solutions

Requirements

  • Expert knowledge of security issues, techniques and implications across existing computer platforms (Windows, Unix, macOS) required
  • Knowledge of at least one Security Development methodologies (e.g. Microsoft SDL, OWASP CLASP, etc.)
  • Knowledge of main Security-related activities in development such as Risk and Privacy Assessment, Threat Modeling, Security Code Review
  • Deep understanding of the nature of Security threats and their classification
  • Knowledge of most common implementations of the Threats (e.g. XSS, SQL Injection, XSRF, buffer overruns, brute force, rainbow tables, DoS, etc.) and how they match the general classification
  • Understanding of main security principles, such as multi-layered protection (Defense in depth)
  • Understanding of main areas of protection (security, privacy, availability) and levels of defense (networking, infrastructure, operation system, application)
  • Understanding of mitigation mechanisms for every type of threats (e.g. validation, sanitizing, cryptographic operations, etc.)
  • Good knowledge of Security Features and Mechanisms provided by at least one Operation System (e.g. Windows, Linux, Android, iOS, etc.) and development platform/technologies (e.g. Java, .NET Framework, databases, etc.)
  • Familiar with existing Security Standards (e.g. PCI DSS, HIPAA, NIST, Common Criteria, etc.) and what does it mean to implement compliance with them
  • Familiar with the tools for various security activities: Static Code Analysis, Penenetration testing, Intrusion Detection/Prevention, etc
  • Understanding of basic principles of Infrastructure security and Penetration testing
  • Ability to use the tools to perform actual attacks is a plus
  • Experience in SIEM (QRadar), DLP systems (Symantec, Office 365), building process and implementation systems from the ground up
  • Experience in Advanced Threat Protection (Cisco AMP, Symantec ATP), Antivirus systems (Symantec Endpoint Protection), building process and implementation systems from the ground up
  • Experience with MDM, EMM tools (MobileIron)
  • Experience with Endpoint Encryption solutions (MBAM, Symantec, Check Point)
  • Experience in web application scanners (Acunetix) and Continuous Vulnerability Management solutions (Nessus, Qualys)
  • Analyze, interpret and implement security hardening and best practice guidelines from reputable industry sources like Center for Internet Security (CIS), DISA and others

We offer

  • Personal development program that will allow you to be valued for your strengths
  • Wide range of professional trainings and workshops
  • Attractive salary, additional health and dental insurance as well as other social benefits
  • Broad projects variety and possible mobility between projects over the time
  • Experience exchange with colleagues around the world
  • Work-life balance and flexible schedule, team buildings and sport opportunities
  • Modern office in the Infinity Tower business center
  • If you are interested in this role please send your CV in English. All applications will be treated as strictly confidential
  • Only short-listed applicants will be contacted

Здравствуйте, чем мы можем вам помочь?


Наши офисы