Senior Application Security Engineer

EPAM is seeking a Senior Application Security Engineer to assist clients in enhancing their security defenses.
You will collaborate with diverse security and development teams to implement secure coding practices, conduct detailed code reviews, integrate SAST/DAST tools into CI/CD pipelines, and guide threat modeling within the software development process.
Feel free to work remotely from anywhere across Montenegro or connect with colleagues at our Herceg-Novi and Podgorica offices.

#LI-DNI#LI-VA2

Responsibilities

• Perform security reviews, threat modeling, and analyze penetration testing outcomes for applications
• Collaborate with software development teams and stakeholders to address security vulnerabilities
• Design and implement automated security testing tools and procedures to detect vulnerabilities
• Integrate security tools, standards, and protocols into the Secure Software Development Lifecycle (SSDLC)
• Monitor emerging security threats and refine scanning rules accordingly
• Train and educate developers on established security practices and build security awareness
• Define security strategies and develop roadmaps for application development security
• Customize and refine SAST processes to align with application security needs
• Deeply advocate for and explain the importance of SAST methodologies within the development lifecycle
• Work closely with development teams to integrate SAST tools into workflows and CI/CD pipelines

• 5+ years of experience in Application Security
• Knowledge of Checkmarx CxSAST or equivalent SAST tools
• Proficiency in CxQL for creating and modifying scanning rules
• Strong understanding of SAST and its importance in secure software development
• Familiarity with GitHub and embedding security scans into CI/CD pipelines
• Excellent analytical ability for interpreting scan results and refining scan accuracy
• Effective communication skills for collaboration with development teams and stakeholders
• Background in DevSecOps practices, focusing on integrating security throughout software development
• Fluent in English with a B2+ communication level

• Background in Python, Go, or other scripting languages and automation tools
• Knowledge of Cloud Platforms
• Familiarity with CI/CD tools like Jenkins, GitLab CI/CD, or Azure DevOps
• Proficiency in containerization and orchestration using Docker and Kubernetes
• Understanding of SecOps practices such as security monitoring, incident response, and threat modeling
• Knowledge of Infrastructure as Code platforms, including Terraform or Ansible
• Experience with security monitoring and logging systems such as ELK Stack or Prometheus

• Engineering Heritage. Best-in-class experts sharing a culture of engineering excellence and tackling complex engineering challenges for over 30 years
• Advanced Tech Stack. Innovative projects where you can apply or enhance your expertise in Cloud, Data, AI, and other emerging technologies
• World-Class Clients. Work closely with 295+ of the Forbes Global 2000 on creating disruptive solutions that make a global impact
• Professional Growth. Exceptional support for career development with comprehensive resources for upskilling or reskilling in pioneering practices
• GenAI Community. Strong AI competencies with 600+ experts across 55+ locations driving GenAI-enabled transformation journeys
• Entrepreneurial Culture. If you're passionate and dedicated to improving business transformation, we provide the support you need to bring your ideas to life
• Hybrid Setup.The flexibility to work from any location in Montenegro, whether it's your home or our dynamic offices
• Other Benefits. Corporate health insurance and the possibility of buying private health insurance for the family at a corporate price