Chief Application Security Architect

EPAM is looking for a Chief Application Security Architect to join its Security practice, and work directly with one of our enterprise customers in the Hospitality and Tourism industry.

#LI-DNI

Responsibilities

• Lead and coordinate Security Audits across the software development lifecycle: from Architecture, Process, Risk to Testing
• Lead the PCI annual certification process by coordinating EPAM, customer and QSA efforts
• Establish secure software development lifecycle (SSDLC) programs
• Support software development teams in secure development methodologies, tools, and processes
• Train Software Development teams in the areas of secure development
• Build secure architecture and design for projects
• Communicate with customers and teams, and be able to convey the message about the importance of a Secure Software Development Life Cycle and the methods for establishing it
• Cooperate with all sub-teams - BAs, Developers, QAs - to build a consistent understanding of Security Requirements, main Threats, and Mitigations implemented
• Be able to communicate and coordinate work with other Security Teams, including Cloud Security Engineers, Infrastructure Security Engineers, and Penetration Testers

Requirements

• Software Development or Security-focused university degree OR equivalent experience
• Motivation to develop and grow in the field of Security
• Familiarity with one or more Security Development methodologies (e.g., Microsoft SDL, OWASP OpenSAMM, BSIMM)
• Familiarity with security threats and attack scenarios, such as the OWASP Top 10
• Familiarity with Threat Modeling, hands-on experience with one or more Threat Modeling tools
• Familiarity with one or more tools in the following categories: Static Code Analysis, Static/Dynamic Application Security Testing, Penetration Testing, Intrusion Detection/Prevention
• Understanding of main Security-related activities in development, such as Security Requirements gathering, Risk Assessment, and Security Code Review
• Familiarity with security threats, their implementation, and their classification
• Familiarity with existing PCI DSS and GDPR security standards, and experience with requirements implementation
• Understanding of main security concepts and principles
• Understanding of main areas of protection and levels of defense
• Understanding of threat mitigation mechanisms
• Understanding of basic principles of infrastructure security and penetration testing
• Experience with cloud security controls and policies on top of AWS

Nice to have

• Knowledge of security features and mechanisms provided by at least one operating system and development platform or technology
• Familiarity with DevOps principles: CI/CD, test automation, shift-left security, and shared responsibility models
• Experience with cloud security controls and policies using Microsoft Azure
• Relevant certifications such as CISSP, CCSP, SANS GIAC, or similar qualifications are considered an advantage

We offer

• Career plan and real growth opportunities
• Unlimited access to LinkedIn learning solutions
• International Mobility Plan within 25 countries
• Constant training, mentoring, online corporate courses, eLearning and more
• English classes with a certified teacher
• Support for employee's initiatives (Algorithms club, toastmasters, agile club and more)
• Enjoyable working environment (Gaming room, napping area, amenities, events, sport teams and more)
• Flexible work schedule and dress code
• Collaborate in a multicultural environment and share best practices from around the globe
• Hired directly by EPAM & 100% under payroll
• Law benefits (IMSS, INFONAVIT, 25% vacation bonus)
• Major medical expenses insurance: Life, Major medical expenses with dental & visual coverage (for the employee and direct family members)
• 13 % employee savings fund, capped to the law limit
• Grocery coupons
• 30 days December bonus
• Employee Stock Purchase Plan
• 12 vacations days plus 4 floating days
• Official Mexican holidays, plus 5 extra holidays (Maundry Thursday and Friday, November 2nd, December 24th & 31st)
• Monthly non-taxable amount for the electricity and internet bills

EPAM is a leading global provider of digital platform engineering and development services. We are committed to having a positive impact on our customers, our employees, and our communities. We embrace a dynamic and inclusive culture. Here you will collaborate with multi-national teams, contribute to a myriad of innovative projects that deliver the most creative and cutting-edge solutions, and have an opportunity to continuously learn and grow. No matter where you are located, you will join a dedicated, creative, and diverse community that will help you discover your fullest potential.
By applying to our role, you are agreeing that your personal data may be used as in set out in EPAM's Privacy Notice and Policy.