Senior Application Security Engineer

EPAM · salary not specified · location not specified · company website · published June 5, 2026

Job description

EPAM is looking for an experienced Senior Application Security Engineer to support our clients in improving their security posture.
You will work together with various security and non-security teams to implement secure coding guidelines, conduct thorough code reviews, integrate SAST/DAST tools into the CI/CD pipeline and facilitate threat modeling in the software development lifecycle.

Responsibilities

  • Conduct security reviews, threat modelling and review penetration test results for applications
  • Collaborate with software developers and other stakeholders to remediate security vulnerabilities
  • Develop and implement automated security testing tools and procedures to identify security issues
  • Integrate security tools, standards, and processes into the secure software development lifecycle (SSDLC)
  • Stay updated on the latest security threats and ensure our scanning rules evolve accordingly
  • Educate and train developers on security best practices and security awareness
  • Define and lead the security strategy and roadmap for application development
  • Optimize and customize SAST processes to align with application security requirements
  • Deeply understand and advocate for SAST methodologies, explaining the how and why behind their use in the development lifecycle
  • Collaborate with developers to integrate SAST tools seamlessly into their workflows and CI/CD pipelines

Requirements

  • 5+ years of experience in Application Security
  • Strong experience with Checkmarx CxSAST or other SAST tools
  • Proficiency in CxQL for writing and modifying scanning rules
  • Deep understanding of SAST and its role in secure software development
  • Familiarity with GitHub and integrating security scans into CI/CD pipelines
  • Excellent analytical skills for interpreting scan results and improving scan accuracy
  • Strong communication skills to effectively collaborate with development teams and stakeholders
  • Holistic understanding of DevSecOps practices, emphasizing security integration at every phase of software development
  • Fluent English communication skills at a B2+ level

Nice to have

  • Experience with Python, Go or other scripting languages and automation technologies
  • Basic knowledge of Cloud Platforms
  • Familiarity with CI/CD tools such as Jenkins, GitLab CI/CD, or Azure DevOps
  • Experience with containerization and orchestration technologies like Docker and Kubernetes
  • Understanding of SecOps tools and practices, including security monitoring, incident response, and threat modeling
  • Knowledge of Infrastructure as Code tools like Terraform or Ansible
  • Experience with security monitoring and logging tools like ELK Stack or Prometheus

Skills

  • security.engineering
  • sast (static application security testing)
  • dast (dynamic application security testing)
  • checkmarx products and solutions
  • python
  • devops
  • Go
  • CI/CD
  • GitHub
  • Jenkins
  • GitLab
  • Docker