Skip To Main Content
epam-logo-black.svgepam-logo-black.svg
backBack to Search

Senior Product Security Specialist

Hybrid in Romania: Bucharest
Security.Engineering& 4 others
Looking for something else?

Find a vacancy that works for you. Send us your CV to receive a personalized offer.

Find me a job

We are seeking a Senior Product Security Specialist to join our team, dedicated to ensuring the security of our products and driving best practices within our software development lifecycle.


As a key member of our security team, you will play a critical role in shaping our security processes, technologies, and culture.

Responsibilities
  • Facilitate threat modeling exercises and training sessions across teams
  • Lead workshops and discussions with diverse stakeholders to address security concerns effectively
  • Collaborate with first-line teams to refine development pipelines with optimal security tools and techniques
  • Provide subject matter expertise on updating current activities and integrating new technologies into the SSDLC
  • Partner with Product teams to architect secure products and features that align with security standards
  • Train and empower Security Champions within Product teams
  • Support teams by advising on security-conscious decisions that align with development goals
  • Facilitate end-to-end vulnerability management and remediation tracking
Requirements
  • Proficiency in threat and risk modeling, preferably using STRIDE assessments
  • At least 5 years of experience in Software Development Lifecycle, Development Security, Security Engineering, Security Architecture, or Software Development
  • Knowledge of CI/CD Security, SIEM, and PAM with preference for CyberArk
  • Experience in implementing and operating build automation and Cloud Security
  • Familiarity with identity and access management principles
  • Understanding of SSDLC security technologies such as GitHub or Azure
  • Relevant industry certifications (CISSP, CSSLP, CCSK)
  • Fluent communication skills in English at a B2+ level
Nice to have
  • Familiarity with privacy threat modeling methods like LINDDUN
  • Background in development or DevSecOps
  • Knowledge of SAST/DAST/IAST/RASP solutions