Striving for excellence is in our DNA. Since 1993, we have been helping the world’s leading companies imagine, design, engineer, and deliver software and digital experiences that change the world. We are more than just specialists, we are experts.
As an Application Security Engineer, you will be responsible for increasing Security Awareness among Project Teams and making products more robust and secure. This goal tends to be very challenging and includes a wide range of activities: communicating with the Customer to explain what IT Security in general and Application Security in particular mean, advocating a consistent approach to Security throughout the whole SDLC for both the Customer and the Development Team, tracking and helping the Team with Security-related activities, going deep into project details, creating security-related artifacts, contributing to Security Testing, etc.
Review Secure Design (Threat Model) for all new development projects;
Scan Application Security Source Code for all products and platforms;
Consult on all 3rd-party Application Security Penetration Testing;
Consult on vulnerability response process, impact assessments and remediation plans;
Recommend design and code changes to meet product security objectives and remedy security findings;
Perform unit tests if needed to verify a remediation or provide a proof-of-concept as evidence of a vulnerability.
Understanding of Threat Models;
Manual Security Code Review;
Ability to triage results of SAST/DAST reports;
Knowledge of how to implement mitigations:
In detail - for one language/platform;
In general - for other languages/platforms.
Knowledge of modern authentication protocols: WS-Fed, SAML, OAuth2, OpenID Connect, crypto-libraries, options for key management;
Ability to reproduce/verify security issues;
Practical knowledge of "hacking tools" such as ZAP, Burp, Acunetix, Wireshark, etc.;
Practical understanding of all "main Attacks";
Ability to use the tools to perform actual attacks is a plus;
Certification in any security area is a plus.
Work with cutting-edge technologies and participation on projects in various domains;
Opportunity to work in a distributed team on an international project;
In-house education and training - Our educational platforms provide over 6,000 courses and trainings designed to develop both technical and soft skills. Moreover, we have special educational programs for advanced specialists: Delivery Management School, Solution Architecture School, and Solution Architecture University. Better yet, free English courses and conversational clubs are available for you right inside our offices;
Participation in mentoring programs for both technical specialists and managers;
Self-fulfillment opportunities beyond projects: we hold meetups and conferences where our employees act as speakers, invite trainers for speakers, and develop professional communities;
Relocation opportunities—both within and outside Russia (EPAM's offices are present in ten Russian cities as well as in over 25 countries);
We support flexible hours and occasional remote work;
Voluntary health insurance policy, including dental care, is available to you right from your first working day; in-house medical care is provided;
Reimbursement for sports activities plus in-house yoga trainings. Moreover, you will be able to attend training sessions and participate in tournaments (soccer, basketball, and volleyball) with our corporate teams;
Educational programs for children of our employees (in-house programming courses).