Skip navigation EPAM

Application Security Consultant Gdansk, Poland

Application Security Consultant Description

Job #: 53838
Striving for excellence is in our DNA. Since 1993, we have been helping the world’s leading companies imagine, design, engineer, and deliver software and digital experiences that change the world. We are more than just specialists, we are experts.

DESCRIPTION


Due to ongoing growth within a key client we require a Application Security Consultant to play a key role in establishing our Poland onsite presence.

Responsibilities

  • Lead and coordinate Security Audits for on-going projects: (from Architecture, Process, Risk and Testing etc.)
  • Work as a Security Consultant helping to establish secure development activities in SDLC end-to-end, be able to provide clarifications related to security in development
  • Perform Application Security Trainings for Development Teams
  • Contribute to building Secure Architecture and Design for the projects
  • Communicate with customers and teams, be able to convey the message about importance of Secure Software development Life Cycle, the ways of establishing it
  • Cooperate with all sub-teams: BAs, Developers, Qas; build consistent understanding of Security Requirements, main Threats, Mitigations implemented
  • Be able to communicate and coordinate work with other Security Teams - Infrastructure Security Experts, Penetration Testers

Requirements

  • Ability to face off to the clients to provide helicopter view on the security processes in conjunction with a deep understanding of the business needs
  • 3+ years of professional experience in the field of Software Development
  • Passion to develop in the field of Security
  • Understanding of at least one Security Development methodologies (e.g. Microsoft SDL, OWASP OpenSAMM, BSIMM etc.)
  • Understanding of main Security-related activities in development such as Security Requirements gathering, Risk Assessment, Threat Modeling, Security Code Review
  • Understanding of security threats, their classification
  • Understanding of most common implementations of the Threats (e.g. XSS, SQL Injection, XSRF, buffer overruns, brute force, rainbow tables, DoS etc.) and how they match the general classification
  • Understanding of main security concepts and principles
  • Understanding of main areas of protection and levels of defense

Nice to have

  • Familiarity with the tools for various security activities: Static Code Analysis, Pen Testing, Intrusion Detection/Prevention etc
  • Knowledge of Security Features and Mechanisms provided by at least one OS and development platform/technologies
  • Understanding of mitigation mechanisms for every type of threats
  • Familiarity with existing security standards and regulations experience of requirements implementation
  • Understanding of basic principles of infrastructure security and penetration testing
  • Ability to use the tools to perform actual attacks is a plus
  • Certification in any security area is a plus

We offer

  • Vast opportunities for self-development: online courses and library, experience exchange with colleagues around the world, partial grant of certification
  • English language classes
  • Polish language classes for Foreigners
  • Career development center
  • Unlimited access to LinkedIn learning solutions
  • Possibility to relocate for short and long-term projects (ex. to USA or Switzerland)
  • Benefit package (private insurance, health care, multisport, lunch tickets, and shopping vouchers, etc.)
  • Possibility to be involved in an international project
  • Remote work options
  • Relocation package for foreign applicants as well as for people relocating within Poland
  • Please note that only selected candidates will be contacted

Witaj. W czym możemy pomóc?


NASZE LOKALIZACJE