EPAM Systems

Senior Application Security Engineer

2 months ago · Kyiv, Ukraine

Striving for excellence is in our DNA. Since 1993, we have been helping the world's leading companies imagine, design, engineer, and deliver software and digital experiences that change the world. We are more than just specialists, we are experts.

Our customer provides comprehensive workers' compensation healthcare solutions.

In this position, you will be responsible for onboarding and maintaining vulnerabilities discovered via scanning tools and manual reviews.

  • Assist in evaluating, planning, configuration, and implementation of new/existing security applications/tools
  • Systematically address application security issues and develop secure coding practices for multiple development teams
  • Integrate authentication, encryption, authorization, and access control into applications
  • Provide mitigation strategies for applications from a secure coding perspective
  • Utilize application security scanning tools such as Burp Suite/Fortify to interpret reports and validate identified vulnerabilities and associated risks
  • Utilize source code scan tools to help application development teams apply application security best practices and catch potential vulnerabilities at an early stage
  • Proactively work with team members to address security and compliance issues
  • Provide education and assistance to application developers in applying the Security Software Development Life Cycle
  • Collaborate with development teams to prioritize and remediate vulnerabilities throughout the application lifecycle
Requirements
  • 5+ years of web development experience
  • 2+ years of .NET C# web development experience on Azure
  • 1+ year of application security experience
  • Proven experience in Static and/or Dynamic Application Security Testing
  • Familiarity with BSIMM, OWASP SAMM and/or OWASP ASVS would be a plus
  • Experience or familiarity with CI/CD pipelines and Agile environments would be a plus
  • Good understanding of the OWASP Top 10 Risks & Controls, and the SANS Top 25 Software Errors
  • Strong knowledge of applications hosted in Amazon Web Services (AWS), Google Cloud Platform (GCP) or Microsoft Azure
  • Ability to demonstrate effective application vulnerability and penetration-testing skills, including Injection, XSS, and XXE attacks in web applications (nice to have)
  • Ability to demonstrate effective skill with dynamic and static analysis tools and in software engineering principles, frameworks, and technologies
  • Ability to advise other engineers on application security best practices
  • Upper-Intermediate or higher English level, both spoken and written (B1+)
We offer
  • Competitive compensation depending on experience and skills
  • Individual career path
  • Social package - medical insurance, sports
  • Unlimited access to LinkedIn learning solutions
  • Compensation for sick leave and regular vacations
  • English classes with certified English teachers
  • Flexible work hours

Job ID: EPAM-52130