Security Testing Engineer/Security Analyst

St-Petersburg, Russia

Striving for excellence is in our DNA. Since 1993, we have been helping the world’s leading companies imagine, design, engineer, and deliver software and digital experiences that change the world. We are more than just specialists, we are experts.

DESCRIPTION


Currently we are looking for a Security Testing Engineer for our Saint Petersburg office to make the team even stronger.

As an Application/Information Security Engineer, you will help EPAM's clients assess the security level of their infrastructure, web and mobile applications. This position will require advanced technical depth and experience, technical leadership, and multifaceted communication skills. Scope and tasks may vary depending on customer needs. You may be involved in the full project security lifecycle, from analysis and planning to development and deployment, and may assist with pre-sales opportunities and deliver security-related training. You may also be engaged in short-term pentests: either internal penetration tests, in which you act as an insider, or external penetration tests, in which you simulate an attack via the Internet. Both engagement types may require either penetration testing or vulnerability assessment.

Responsibilities

  • Scope and estimate tasks, as well as manage multiple tasks with minimal supervision;
  • Demonstrate considerable knowledge of planning and team management specific to security assessment;
  • Conduct vulnerability assessments and penetration testing;
  • Collaborate with technical and management personnel across the full security assessment life cycle;
  • Utilize problem-solving skills, especially when troubleshooting complex issues and identifying options and/or alternatives;
  • Document all disclosed issues using different reporting formats;
  • Provide remediation suggestions to correct disclosed issues;
  • Collaborate with personnel responsible for writing and presenting proposals to prospective clients;
  • Manage and contribute to planning, coordination and successful completion of security engagements.

Requirements

  • At least 1 year of practical proven experience in penetration testing;
  • Ability to perform evaluation of application requirements, processes, technologies;
  • Ability to select, educate and communicate the right solution based on client requirements and objectives;
  • Experience in different exploitation tools and frameworks (Metasploit, BeEF, SQLMap, etc.);
  • Experience in different vulnerability scanners (Acunetix, Nessus, etc.);
  • Ability to resolve technical problems when required;
  • Ability to develop custom scripts needed for specific assessment purposes (Python, bash, PowerShell);
  • Ability to explain assessment results to technical and non-technical personnel;
  • Experience in development of security-related documentation;
  • Experience in security testing of Web Applications based on different technologies (.NET, Java, PHP);
  • Experience in security testing of Web Services (SOAP, RESTful).

Nice to have

  • Certification in security field;
  • Understanding of and practical experience in the security audit process, meeting security compliance requirements (ISO, PCI DSS, HIPAA) and methodologies (OSSTMM, OWASP, PTES);
  • Previous experience as a Software Engineer or knowledge of software development methodologies is desired, but not mandatory;
  • Ability to develop, implement and guide the security assessment process on the project;
  • Experience in security testing of Mobile Applications (iOS, Android, Windows Mobile);
  • Experience in security testing of infrastructure.

We offer

  • Work with cutting-edge technologies and participation in projects in various domains;
  • Opportunity to work in a distributed team on an international project;
  • In-house education and training: our educational platforms provide over 6,000 courses and trainings designed to develop both technical and soft skills. Moreover, we have special educational programs for advanced specialists—Delivery Management School, Solution Architecture School, and Solution Architecture University. Better yet, free English courses and conversational clubs are available for you right inside our offices;
  • Participation in mentoring programs for both technical specialists and managers;
  • Self-fulfillment opportunities beyond projects: we hold meetups and conferences where our employees act as speakers, invite trainers for speakers, and develop professional communities;
  • Relocation opportunities—both within and outside Russia (EPAM's offices are present in ten Russian cities as well as in over 25 countries);
  • We support flexible hours and occasional remote work;
  • Voluntary health insurance policy, including dental care, is available to you right from your first working day; in-house medical care is provided;
  • Reimbursement for sports activities plus in-house yoga trainings. Moreover, you will be able to attend training sessions and participate in tournaments (soccer, basketball, and volleyball) with our corporate teams;
  • Educational programs for children of our employees (in-house programming courses).