EPAM is looking for an experienced Senior Application Security Engineer to support our clients in improving their security posture. You will work together with various security and non-security teams to implement secure coding guidelines, conduct thorough code reviews, integrate SAST/DAST tools into the CI/CD pipeline and facilitate threat modeling in the software development lifecycle.

Responsibilities

Conduct security reviews, threat modeling and review penetration test results for applications
Collaborate with software developers and other stakeholders to remediate security vulnerabilities
Develop and implement automated security testing tools and procedures to identify security issues
Integrate security tools, standards, and processes into the secure software development lifecycle (SSDLC)
Stay updated on the latest security threats and ensure our scanning rules evolve accordingly
Educate and train developers on security best practices and security awareness
Define and lead the security strategy and roadmap for application development
Optimize and customize SAST processes to align with application security requirements
Deeply understand and advocate for SAST methodologies, explaining the how and why behind their use in the development lifecycle
Collaborate with developers to integrate SAST tools seamlessly into their workflows and CI/CD pipelines

Requirements

5+ years of experience in Application Security
Strong experience with Checkmarx CxSAST or other SAST tools
Proficiency in CxQL for writing and modifying scanning rules
Deep understanding of SAST and its role in secure software development
Familiarity with GitHub and integrating security scans into CI/CD pipelines
Excellent analytical skills for interpreting scan results and improving scan accuracy
Strong communication skills to effectively collaborate with development teams and stakeholders
Holistic understanding of DevSecOps practices, emphasizing security integration at every phase of software development
Fluent English communication skills at a B2+ level

Nice to have

Experience with Python, Go or other scripting languages and automation technologies
Basic knowledge of Cloud Platforms
Familiarity with CI/CD tools such as Jenkins, GitLab CI/CD, or Azure DevOps
Experience with containerization and orchestration technologies like Docker and Kubernetes
Understanding of SecOps tools and practices, including security monitoring, incident response, and threat modeling
Knowledge of Infrastructure as Code tools like Terraform or Ansible
Experience with security monitoring and logging tools like ELK Stack or Prometheus

We offer

Career development opportunities with a transparent career path
Wide range of professional trainings, workshops, and mentoring programs plus unlimited access to LinkedIn Learning
Learning resources and financial support for completing certification programs
Christmas and Vacation bonus
Corporate Health Insurance (basic and supplementary)
Free yearly medical check-ups
25 days of vacation

EPAM is a leading global provider of digital platform engineering and development services.
We are committed to having a positive impact on our customers, our employees, and our communities. We embrace a dynamic and inclusive culture. Here you will collaborate with multi-national teams, contribute to a myriad of innovative projects that deliver the most creative and cutting-edge solutions, and have an opportunity to continuously learn and grow. No matter where you are located, you will join a dedicated, creative, and diverse community that will help you discover your fullest potential.