Senior Security Engineer

EPAM Systems Kutná Hora, Czech Republic

Company

EPAM Systems

Location

Kutná Hora, Czech Republic

Type

Full Time

Job Description

We are looking for a Security SAST Engineer with expertise in static application security testing, especially using GitHub CodeQL, to join our security team.
This role involves analyzing Java libraries and client projects to uncover security vulnerabilities and potential risks in the code. You'll also be developing and maintaining CodeQL queries to enhance SAST coverage, as well as conducting false-positive/false-negative analyses to ensure accuracy in SAST results.

Responsibilities

  • Conduct security analysis on Java libraries and SAP projects to identify vulnerabilities or unsafe code patterns
  • Develop, test, and maintain custom CodeQL queries to improve SAST coverage and effectiveness
  • Manage and update existing CodeQL queries to align with project needs and security standards
  • Perform in-depth false-positive/false-negative analyses to refine SAST accuracy and reduce deviations in CodeQL results

Requirements

  • Experience with SAST tools (preferably GitHub CodeQL) and a solid understanding of SAST workflows
  • Basic proficiency in Java and ability to read and interpret code across various programming languages
  • Experience with GitHub Actions and GitHub Advanced Security (GHAS) is a plus
  • Knowledge of Python, JavaScript, and C# is an advantage
  • Strong attention to detail and problem-solving skills for precise query writing and code analysis

Nice to have

  • Experience with rule or query writing for SAST tools
  • Background in secure coding practices and code review

We offer

  • Opportunity to work in a fast-paced, agile, software engineering culture
  • Comfortable modern office in Prague 7, with support of hybrid or fully remote mode
  • Benefit program (5 weeks of vacation, paid sick days, paid days off for special occasions, meal vouchers, flexi pass, Prague city public transport annual coupon, multisport cards, optional contribution to pension fund, health insurance for family member)
  • EPAM Employee Stock Purchase Plan (ESPP) (subject to certain eligibility requirements)
  • English language courses
  • Czech language courses upon request
  • Referral bonuses for recommended candidates
  • Mobile phone tariff program for managerial-level candidates
  • Great learning and development opportunities, including in-house professional training, career advisory and coaching, sponsored professional certifications, well-being programs, LinkedIn Learning Solutions and much more

Certain benefits and perks may be subject to eligibility requirements and may be available only after you have passed your probationary period.

Date Posted

11/02/2024
