What You’ll Do

• Actively participate in the decision-making process regarding infrastructure architecture for both internal projects and EPAM’s customers
• Conduct tools and practices research, evaluation, proof of concept, and training for internal and external customers
• Design, implement and maintain GitOps cycles based on Immutable Infrastructure
• Develop and maintain Continuous Deployment processes, tools, and execution; includes test frameworks, static code analysis, promotion gateways, etc
• Design, develop, and support Configuration Management as Code, tools, and execution for internal projects or EPAM’s clients’ projects
• Design, implement, and promote the non-functional tests automation for products EPAM develops for its customers
• Seek quality and resource optimization to improve the product and the team's value stream

Responsibilities

• Application Security Assessments - Defines and updates an application security methodology and performs assessments across internal, external applications
• Secure Coding - Keeps Web development teams apprised of secure coding best practice, and assists with static/dynamic code analysis
• Assist in the design, creation, testing, documentation, deployment and maintenance of new automation, capabilities and Security services for the InfoSec team
• Stay abreast of internal applications and their security posture
• Blue Team Cross Training - Remains abreast of Application Security threats and defines and develops InfoSec training on web-based exploits/tools and corresponding mitigation techniques

Benefits

• Learning Culture
• Health coverage
• Visual Benefit
• Life Insurance Plan
• Medical leave coverage
• Professional growth opportunities
• Community Benefit
• Relocation Program

Qualification

• 3+ years experiense of Information Security principles, technology, and control processes
• Experience in design review and threat modeling
• Experience with providing security services as part of an SDLC
• Experience with Secure Coding and AppSec frameworks (OWASP Guide, SANS CWE Top 25, CERT Secure Coding)
• Excellent oral and written communication skills, including report writing and technical documentation
• CEH and Offensive Security Certification (OSCP, GPEN, or GWAPT)
• On the dev side:
• 3+ years of development experience building systems in languages such as Python, C++, Golang/Rust
• Experience working with and setting up services on AWS infrastructure
• Understand and be able to apply concepts such as algorithms, data structures, OOO design, databases
• The ability to work with a team, building complex solutions is a plus
• Knowing how to work with CI/CD systems is also a plus
• Knowing Docker and Terraform are also a plus