Skip navigation EPAM

Security Architect

  • Sofia, Bulgaria
  • hot
Job #: 45254
Striving for excellence is in our DNA. Since 1993, we have been helping the world’s leading companies imagine, design, engineer, and deliver software and digital experiences that change the world. We are more than just specialists, we are experts.

DESCRIPTION


EPAM is looking for an experienced Security Architect with good communication skills to join our global team of IT professionals. A Security Engineer will be a part of the Information Security Team and will be responsible for assessing, designing, resolving and integrating security technology solutions. As a Security Architect you will be responsible for increasing Security Awareness among Project Teams and making products more robust and secure. You will work with the Development Teams, mentoring and driving them through the security baseline assessment and adopting Secure SDLC process.

Responsibilities

  • Perform security audits for ongoing projects: both architecture and implementation/code review
  • Contribute in building Secure Architecture and Design for the new projects or making corrections to the existing ones
  • Consult on all third-party application security Penetration Testing
  • Consult on vulnerability response process, impact assessments and remediation plans
  • Recommend design and code changes to meet product security objectives and remedy security findings
  • Perform unit test if needed to verify a remediation or provide proof of- oncept as evidence of a vulnerability
  • Work as a Security Advisor helping tevelopment activitieo establish secure development activities in SDLC end-to-end
  • Communicate with customers and teams, be able to convey the message about importance of security, the ways of establishing it and the wrong ways of enforcing it (e.g. do penetration testing before release)
  • Work on Presales making sure Security is addressed properly and taken into account in budget and effort estimations

Requirements

  • Knowledge of at least one Security Development methodologies (e.g. Microsoft SDL, OWASP CLASP, etc.)
  • Knowledge of main Security-related activities in development such as Risk and Privacy Assessment, Threat Modeling, Security Code Review
  • Deep understanding of the nature of Security Treats and their classification
  • Knowledge of most common implementations of the Threats (e.g. XSS, SQL Injection, XSRF, buffer overruns, brute force, rainbow tables, DoS, etc.) and how they match the general classification
  • Understanding of main security principles, such as multi-layered protection (Defense in depth)
  • Understanding of main areas of protection (security, privacy, availability) and levels of defense (networking, infrastructure, operation system, application)
  • Understanding of mitigation mechanisms for every type of threats (e.g. validation, sanitizing, cryptographic operations, etc.)
  • Good knowledge of Security Features and Mechanisms provided by at least one Operation System (e.g. Windows, Linux, Android, iOS, etc.) and development platform/technologies (e.g. Java, .NET Framework, databases, etc.)
  • Familiar with existing Security Standards (e.g. PCI DSS, HIPAA, NIST, Common Criteria, etc.) and what does it mean to implement compliance with them
  • Familiar with the tools for various security activities: Static Code Analysis, Penenetration testing, Intrusion Detection/Prevention, etc
  • Experience with Vulnerability Assessment and Penetration Testing and familiarity with common security vulnerabilities, the lexicon of findings (CVSS, CVE), ability to assess severity, etc
  • Understanding of basic principles of Infrastructure security and Penetration testing
  • Ability to use the tools to perform actual attacks is a plus
  • Possess security certifications (CEH, CSSLP, CREST, CISSP, etc.) is a plus

We offer

  • Personal development program that will allow you to be valued for your strengths
  • Wide range of professional trainings and workshops
  • Attractive salary, additional health and dental insurance as well as other social benefits
  • Broad projects variety and possible mobility between projects over the time
  • Experience exchange with colleagues around the world
  • Work-life balance and flexible schedule, team buildings and sport opportunities
  • Modern office in the Infinity Tower business center
  • If you are interested in this role please send your CV in English. All applications will be treated as strictly confidential
  • Only short-listed applicants will be contacted

Здравствуйте, чем мы можем вам помочь?


Наши офисы