
Application Security Architect

  • St-Petersburg, Russia
Job #: 43630
Striving for excellence is in our DNA. Since 1993, we have been helping the world’s leading companies imagine, design, engineer, and deliver software and digital experiences that change the world. We are more than just specialists, we are experts.

DESCRIPTION


As an Application Security Architect you will be responsible for increasing Security Awareness among Project Teams and making products more robust and secure.

This goal tends to be very challenging and includes a wide range of activities: communicating with the Customer to explain what IT Security in general and Application Security in particular mean, advocating a consistent approach to Security through the whole SDLC for both the Customer and the Development Team, tracking and helping the Team with Security-related activities, going deep into project details, creating security-related artifacts, contributing to Security Testing, etc.

Another very common case is when the Application Security Architect is brought in at a mature stage of the SDLC for a security review of an already existing product.

Responsibilities

  • Perform Security Audits for on-going projects: both Architecture and Implementation/Code Review
  • Contribute to building Secure Architecture and Design for new projects or making corrections to existing ones
  • Work as a Security Advisor helping to establish secure development activities in SDLC end-to-end
  • Perform Security Trainings for Development Teams
  • Communicate with customers and teams, be able to convey the message about the importance of security, the ways of establishing it and the wrong ways of enforcing it (e.g. do penetration testing before release)
  • Communicate with all sub-teams: BAs, Developers, QAs, building consistent understanding of Security Requirements, main Threats, Mitigation implemented
  • Be able to communicate and coordinate work with other Security Teams - Infrastructure Security Experts, Penetration Testers
  • Work as a consultant answering particular questions related to security in development
  • Work on Pre-sales making sure Security is addressed properly and taken into account in budget and effort estimations

Requirements

  • Knowledge of at least one Security Development methodology (e.g. Microsoft SDL, OWASP CLASP, etc)
  • Knowledge of main Security-related activities in development such as Risk and Privacy Assessment, Threat Modeling, Security Code Review
  • Deep understanding of the nature of security threats, their classification
  • Knowledge of most common implementations of the Threats (e.g. XSS, SQL Injection, XSRF, buffer overruns, brute force, rainbow tables, DoS etc) and how they match the general classification
  • Understanding of main security principles, such as multi-layered protection (Defense in Depth)
  • Understanding of main areas of protection (Security, Privacy, Availability) and levels of defense (networking, infrastructure, OS, Application)
  • Understanding of mitigation mechanisms for every type of threat (e.g. validation, sanitizing, crypto-operations, etc)
  • Good knowledge of Security Features and Mechanisms provided by at least one OS (e.g. Windows, Linux, Android, iOS, etc) and development platform/technologies (e.g. Java, .NET Framework, databases, etc)
  • Familiarity with existing Security Standards (e.g. PCI DSS, HIPAA, NIST, Common Criteria, etc) and what it means to implement compliance with them
  • Familiarity with the tools for various security activities: Static Code Analysis, Penetration Testing, Intrusion Detection/Prevention, etc
  • Understanding of basic principles of infrastructure security and penetration testing
  • Ability to use the tools to perform actual attacks is a plus
  • Certification in any security area is a plus

We offer

  • Work with cutting-edge technologies and participation on projects in various domains
  • Opportunity to work in a distributed team on an international project
  • In-house education and training - Our educational platforms provide over 6,000 courses and trainings designed to develop both technical and soft skills. Moreover, we have special educational programs for advanced specialists: Delivery Management School, Solution Architecture School, and Solution Architecture University. Better yet, free English courses and conversational clubs are available for you right inside our offices
  • Participation in mentoring programs for both technical specialists and managers
  • Self-fulfillment opportunities beyond projects: we hold meetups and conferences where our employees act as speakers, invite trainers for speakers, and develop professional communities
  • Relocation opportunities—both within and outside Russia (EPAM's offices are present in ten Russian cities as well as in over 25 countries)
  • We support flexible hours and occasional remote work
  • Voluntary health insurance policy, including dental care, is available to you right from your first working day; in-house medical care is provided
  • Reimbursement for sports activities plus in-house yoga trainings. Moreover, you will be able to attend training sessions and participate in tournaments (soccer, basketball, and volleyball) with our corporate teams
  • Educational programs for children of our employees (in-house programming courses)

Equal Employment Opportunity

EPAM Systems, Inc. is an equal opportunity employer.  We recognize the value of diversity and inclusion in creating success for our customers, business partners, shareholders, employees and communities. We are committed to recruiting, hiring, developing and promoting employees without discrimination. As a global employer, this commitment includes complying with all laws in the countries in which we operate. Nevertheless, we believe equal employment practices should not be limited to what the law requires. Equal opportunity and inclusion are essential to motivate, empower and recognize the best in everyone.

At EPAM, employment actions are based on individual qualifications, without regard to race, color, religion, creed, gender, pregnancy status, sexual orientation, gender identity, gender expression, marital or familial status, national origin, ancestry, genetics, age, disability status, veteran status, citizenship status when otherwise legally able to work, or any other characteristic protected by law.

Pay Transparency Non-Discrimination Provision

EPAM will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)

Affirmative Action Obligations as a U.S. Government Federal Contractor

As a U.S. federal government contractor, EPAM is committed to meet its affirmative action obligations to make good faith efforts to expand the recruiting pool of women, minorities, individuals with disabilities, and protected veterans through outreach, targeted recruitment, training opportunities and other activities. We affirm this commitment annually in EPAM’s Affirmative Action Plans. The full text of our Affirmative Action Plan for Persons with a Disability and Protected Veterans is available for inspection in the People Operations Department during normal business hours. Email the People Operations Department to schedule an appointment.

Accessibility for Applicants with Disabilities

EPAM is committed to working with and providing reasonable accommodation to individuals with disabilities. If you require an accommodation at any stage of the employment application process, please send an email to the People Operations Department including your name, a detailed description of your requested accommodation, and the best method to contact you. If you have already reviewed a job posting or submitted an application for a job, please include the requisition number. We will assist you and make a determination on your accommodation request on a case-by-case basis.

EEO is the Law. Applicants to and employees of EPAM Systems Inc., are protected under Federal law from discrimination.

EPAM Systems, Inc. participates in eVerify.

Background investigations are required for all new hires as a condition of employment, after the job offer is made. Employment will not begin until EPAM Systems receives and approves the results of the background check.
