DevOps Security (DevSecOps) Remote

Responsibilities

• Support the coordination of EPAM, customer, and QSA efforts for PCI annual certification
• Embed security controls within development and deployment pipelines
• Automate security processes to maintain pace with DevOps deployment cycles
• Establish Secure Software Development Lifecycle (SSDLC) programs
• Train software development teams on secure development methodologies and tools
• Review and recommend robust security architecture in AWS
• Communicate the significance of a Secure Software development Life Cycle with customer and teams
• Work across teams — including BAs, TLs, Developers, and QA — ensuring consistent understanding of security requirements and implemented mitigations
• Collaborate and coordinate with other security teams such as Cloud Security Engineers or Penetration Testers
• Conduct risk assessments, identify vulnerabilities and recommend mitigation measures
• Develop and implement incident response plans
• Perform regular code reviews and security tests including both static and dynamic analysis
• Align security activities with business stakeholders and goals

Requirements

• 2+ years of Software Development or Security-focused experience
• High motivation for development and growth within the security field
• Familiarity with Security Development methodologies (e.g., Microsoft SDL, OWASP OpenSAMM, BSIMM)
• Familiarity with OWASP Top 10 security threats and attack scenarios
• Hands-on experience with Threat Modeling and familiarity with Threat Modeling Tools
• Familiarity with tools for Static Code Analysis, Static / Dynamic Application Security Testing, Penetration Testing, Intrusion Detection / Prevention
• Understanding of core Security-related activities within development including Security Requirements gathering, Risk Assessment, Security Code Review
• Experience with PCI DSS and GDPR security standards and their implementation requirements
• Understanding of main security concepts, principles, areas of protection, levels of defense, threats mitigation mechanisms, and basic principles of infrastructure security and penetration testing
• Proficiency in cloud security controls and policy implementation on AWS
• Fluent English communication skills at a B2+ level

Nice to have

• Knowledge of Security Features and Mechanisms provided by major OS and development platforms/technologies
• Familiarity with DevOps principles such as CI/CD, test automation, shift-left security, and shared responsibility models
• Experience with Microsoft Azure's cloud security controls and policies
• Relevant certifications like CISSP, CCSP, SANS GIAC or similar qualifications are a plus

We offer

• Learning Culture - We want you to be the best version of yourself, that is why we offer unlimited access to learning platforms, a wide range of internal courses, and all the knowledge you need to grow professionally
• Health Coverage - Health and wellness are important, that is why we have you and up to four family members in a premiere health plan. We have a couple of options, so you can choose what is best for you and your family
• Visual Benefit - Seeing your work for us would be a sight for sore eyes. We want your vision to always be at 100% which is why we offer up to $200.000 COP for any visual health expenses
• Life Insurance Plan - We have partnered with MetLife to offer a full-coverage Ife insurance plan. So, your family is covered, even if you are gone
• Medical Leave Coverage - We are one of the few companies that cover 100% of your medical leave, for up to 90 days. Your health is the most important thing to us
• Professional Growth Opportunities - We have designed a highly competitive and complete development process, where you will have all the tools to get where you have always wanted to be, personally and professionally
• Stock Option Purchase Plan - As an EPAMer you can be more than just an employee, you will also have the opportunity to purchase stock at a reduced price and become a part owner of our organization
• Additional Income - Besides your regular salary, you will also have the chance to earn extra income by referring talent, being a technical interviewer, and many more ways
• Community Benefit - You will be part of a worldwide community of over 50,000 employees, where you can learn, challenge yourself, stand out, and share your knowledge and experience with multicultural teams!