Description

We are looking for an Application Security Engineer / Architect to conduct application security assessments from start to finish, with minimal assistance from the project team. You will be responsible for increasing security awareness among project teams, working closely with security champions, and helping to deliver secure software.

WHAT YOU’LL DO
• Work with the clients and project teams to perform applications security assessments
• Act as an expert in specific programming languages and web application environments
• Identify and validate application vulnerabilities, and suggest remediation at architectural and source code levels
• Establish a secure software development life cycle or enhance the existing one by introducing necessary security practices
• Ensure high-quality client service
• Contribute to building a portfolio-wide reference security architecture
• Provide the development and conducting of the security training for development teams

WHAT YOU HAVE
•... Knowledge of security features provided by at least one operating system (Windows, Linux, Android, iOS, etc.) and development platform/technologies (Java, .NET Framework, databases, etc.)
• Flexibility to use at least one security methodology: Microsoft SDL, OWASP CLASP, etc
• Understanding of the nature of security threats, the most common implementations of the threats (XSS, SQL Injection, XSRF, buffer overruns, brute force, rainbow tables, DoS, etc.) and how they match the general classification
• Competency in security-related activities: risk and privacy assessment, threat modeling, security code review
• Expertise in security principles such as multi-layered protection, areas of protection, levels of defense, and mitigation mechanisms for every type of threat (validation, sanitizing, crypto operations, etc.)
• Familiarity with security standards (PCI DSS, HIPAA, NIST, Common Criteria, etc.) and tools for various activities (static code analysis, pen testing, intrusion detection/prevention, etc.)

NICE TO HAVE
• Ability to use the tools to perform actual attacks is a plus
• Certification in any security area is a plus

WE OFFER
• Innovative solutions delivery to the world’s digital changes
• Experience exchange with colleagues all around the world
• Opportunities for self-realization
• Unlimited access to LinkedIn learning solutions
• Friendly team and enjoyable working environment
• Corporate and social events
• Social package: professional & soft skills trainings, medical & family care programs, sports
• Free English classes
• Regular assessments and salary reviews
• Competitive compensation

ABOUT EPAM
• EPAM is a leading global provider of digital platform engineering and development services. We are committed to positively impacting our customers, our employees, and our communities. We embrace a dynamic and inclusive culture. Here you will collaborate with multi-national teams, contribute to a myriad of innovative projects that deliver the most creative and cutting-edge solutions, and have an opportunity to learn and grow continuously. No matter where you are located, you will join a dedicated, creative, and diverse community that will help you discover your fullest potential
Kyrgyzstan

Salary Criteria