EPAM's Security practice is actively seeking a skilled Senior DevOps Security (DevSecOps) professional to enhance our esteemed Hospitality and Tourism sector client services.
In this key role, the chosen candidate will play a crucial part in weaving security measures consistently through the stages of application development and deployment to raise and support our security standards.
We accept CVs in English only.
Responsibilities
- Aid in orchestrating the coordination of EPAM, customer, and QSA efforts for PCI annual certification
- Integrate security controls within development and deployment pipelines
- Create automation for security procedures to align with DevOps deployment cycles
- Initiate Secure Software Development Lifecycle (SSDLC) programs
- Educate software development teams on secure development practices and tools
- Analyze and propose strong security architecture in AWS
- Relay the importance of a Secure Software Development Life Cycle to the customer and teams
- Collaborate with teams - including BAs, TLs, Developers, and QA - ensuring a uniform understanding of security requirements and applied mitigations
- Work jointly with other security teams, such as Cloud Security Engineers or Penetration Testers
- Execute risk assessments, pinpoint vulnerabilities, and advise on mitigation measures
- Forge and put into action incident response plans
- Carry out regular code evaluations and security testing, including both static and dynamic analyses
- Sync security endeavors with business stakeholders and objectives
- 3+ years in Software Development or a Security-focused role
- Strong drive for advancement and growth within the security arena
- Familiarity with Security Development methodologies (e.g., Microsoft SDL, OWASP OpenSAMM, BSIMM)
- Familiarity with OWASP Top 10 security threats and attack scenarios
- Hands-on Threat Modeling experience and familiarity with Threat Modeling Tools
- Familiarity with tools for Static Code Analysis, Static / Dynamic Application Security Testing, Penetration Testing, Intrusion Detection / Prevention
- Understanding of core Security-related activities within development, including Security Requirements gathering, Risk Assessment, Security Code Review
- Experience with PCI DSS and GDPR security standards and their implementation requirements
- Understanding of core security concepts, principles, protection areas, defense levels, threat mitigation mechanisms, and fundamental infrastructure security and penetration testing
- Proficiency in cloud security controls and policy implementation on AWS
- Fluent English communication skills at a B2+ level
- Understanding of Security Features and Mechanisms provided by major OS and development platforms/technologies
- Familiarity with principles of DevOps such as CI/CD, test automation, shift-left security, and shared responsibility models
- Experience with cloud security controls and policies in Microsoft Azure
- Possession of certifications like CISSP, CCSP, SANS GIAC, or similar is a plus
- Learning Culture - We want you to be the best version of yourself, that is why we offer unlimited access to learning platforms, a wide range of internal courses, and all the knowledge you need to grow professionally
- Health Coverage - Health and wellness are important, which is why we have you and up to four family members in a premier health plan. We have a couple of options, so you can choose what is best for you and your family
- Visual Benefit - Seeing your work for us would be a sight for sore eyes. We want your vision to always be at 100% which is why we offer up to $200.000 COP for any visual health expenses
- Life Insurance Plan - We have partnered with MetLife to offer a full-coverage life insurance plan. So, your family is covered, even if you are gone
- Medical Leave Coverage - We are one of the few companies that cover 100% of your medical leave, for up to 90 days. Your health is the most important thing to us
- Professional Growth Opportunities - We have designed a highly competitive and complete development process, where you will have all the tools to get where you have always wanted to be, personally and professionally
- Stock Option Purchase Plan - As an EPAMer you can be more than just an employee, you will also have the opportunity to purchase stock at a reduced price and become a part owner of our organization
- Additional Income - Besides your regular salary, you will also have the chance to earn extra income by referring talent, being a technical interviewer, and many more ways
- Community Benefit - You will be part of a worldwide community of over 50,000 employees, where you can learn, challenge yourself, stand out, and share your knowledge and experience with multicultural teams!
EPAM is a leading global provider of digital platform engineering and development services. We are committed to having a positive impact on our customers, our employees, and our communities. We embrace a dynamic and inclusive culture. Here you will collaborate with multi-national teams, contribute to a myriad of innovative projects that deliver the most creative and cutting-edge solutions, and have an opportunity to continuously learn and grow. No matter where you are located, you will join a dedicated, creative, and diverse community that will help you discover your fullest potential.