Overview

EPAM is looking for an experienced Senior Application Security Engineer to support our clients in improving their security posture.

You will work together with various security and non-security teams to implement secure coding guidelines, conduct thorough code reviews, integrate SAST/DAST tools into the CI/CD pipeline and facilitate threat modeling in the software development lifecycle.

Responsibilities

  • Conduct security reviews and threat modeling, and review penetration test results for applications
  • Collaborate with software developers and other stakeholders to remediate security vulnerabilities
  • Develop and implement automated security testing tools and procedures to identify security issues
  • Integrate security tools, standards, and processes into the secure software development lifecycle (SSDLC)
  • Stay updated on the latest security threats and ensure our scanning rules evolve accordingly
  • Educate and train developers on security best practices and security awareness
  • Define and lead the security strategy and roadmap for application development
  • Optimize and customize SAST processes to align with application security requirements
  • Deeply understand and advocate for SAST methodologies, explaining the how and why behind their use in the development lifecycle
  • Collaborate with developers to integrate SAST tools seamlessly into their workflows and CI/CD pipelines

Requirements

  • 5+ years of experience in Application Security
  • Strong experience with Checkmarx CxSAST or other SAST tools
  • Proficiency in CxQL for writing and modifying scanning rules
  • Deep understanding of SAST and its role in secure software development
  • Familiarity with GitHub and integrating security scans into CI/CD pipelines
  • Excellent analytical skills for interpreting scan results and improving scan accuracy
  • Strong communication skills to effectively collaborate with development teams and stakeholders
  • Holistic understanding of DevSecOps practices, emphasizing security integration at every phase of software development
  • Fluent English communication skills at a B2+ level

Nice to have

  • Experience with Python, Go or other scripting languages and automation technologies
  • Basic knowledge of Cloud Platforms
  • Familiarity with CI/CD tools such as Jenkins, GitLab CI/CD, or Azure DevOps
  • Experience with containerization and orchestration technologies like Docker and Kubernetes
  • Understanding of SecOps tools and practices, including security monitoring, incident response, and threat modeling
  • Knowledge of Infrastructure as Code tools like Terraform or Ansible
  • Experience with security monitoring and logging tools like ELK Stack or Prometheus

Hungary

  • Dynamic, entrepreneurial corporate environment
  • Diverse multicultural, multi-functional, and multilingual work environment
  • Opportunities for personal and career growth in a progressive industry
  • Global scope, international projects
  • Widespread training and development opportunities
  • Unlimited access to LinkedIn learning solutions
  • Competitive salary and various benefits
  • Advanced wellbeing and CSR programs, recreation area

Hungary (About EPAM)

EPAM is a leading global provider of digital platform engineering and development services. We are committed to having a positive impact on our customers, our employees, and our communities. We embrace a dynamic and inclusive culture. Here you will collaborate with multi-national teams, contribute to a myriad of innovative projects that deliver the most creative and cutting-edge solutions, and have an opportunity to continuously learn and grow. No matter where you are located, you will join a dedicated, creative, and diverse community that will help you discover your fullest potential.

Hungary (Campus Programs)

Do you know someone interested in starting a career in IT? Share our EPAM Campus programs with them, where they can enhance their knowledge in various fields online, free of charge.