
Cyber Security Consultant

Office in the United Kingdom & 4 others
Technology Consulting

As a Cyber Security Consultant at EPAM, you will help clients address complex security challenges with a particular focus on the EU Cyber Resilience Act (CRA), Supply Chain Security, and related GRC topics. This is a senior-level position where you will leverage your expertise to advise on security problems across diverse industries. You will collaborate with cross-functional teams, support pre-sales activities and contribute to practice development, helping EPAM grow its security consulting capabilities.

Responsibilities
  • Lead and deliver consulting engagements focused on CRA, Supply Chain Security and related regulations (e.g., NIS2)
  • Drive CRA readiness for products with digital elements: scoping, product classification, gap assessments against essential requirements, risk analysis, control design, remediation roadmaps and technical documentation
  • Establish and mature product security capabilities: secure development lifecycle, secure update processes, vulnerability handling and coordinated vulnerability disclosure (CVD), PSIRT setup/operations, SBOM generation/management and vulnerability triage
  • Design and implement supply chain security and third-party risk management programs: supplier risk segmentation, due diligence, contractual/security requirements, continuous monitoring and integration with procurement/vendor management
  • Translate regulatory requirements (CRA, NIS2) into actionable control frameworks and policies; map to standards such as ISO 27001/27002/27036, NIST CSF/SP 800, CIS Controls, OWASP, etc.
  • Conduct risk assessments and threat modeling for products and suppliers; define mitigation strategies, metrics and KPIs
  • Produce clear, high-quality deliverables: assessment reports, control designs, implementation plans, policies, process maps and training
  • Collaborate with client stakeholders across security, engineering, product, operations, legal and compliance; facilitate workshops and drive change
  • Support pre-sales: discovery sessions, solution design, level-of-effort estimates, proposals, and presentations; contribute reusable content and accelerators
  • Contribute to EPAM’s security consulting practice: methodology development, knowledge sharing, mentoring and thought leadership
  • Stay current on emerging threats, regulatory changes and best practices in product security, supply chain security and GRC
Requirements
  • Proven security consulting experience with direct focus on the EU Cyber Resilience Act, Supply Chain Security, NIS2 and broader GRC topics
  • Demonstrable experience establishing product security capabilities (PSIRT, CVD, SBOM management, secure development/update practices) in complex product or software organizations
  • Strong familiarity with EU regulatory context (CRA, NIS2) and practical aspects of conformity assessment, technical documentation and CE marking; experience engaging notified bodies is a plus
  • Broad knowledge of frameworks and standards (ISO 27001, NIST CSF, NIST SP 800-161, NIST SSDF, CIS Controls, OWASP) and the ability to perform control mapping and tailored implementations
  • Experience advising on or implementing security solutions in large enterprise and product engineering environments, including supplier risk management and secure software supply chain practices
  • Strong analytical, communication and facilitation skills; ability to explain complex topics to technical and non-technical stakeholders
  • Demonstrated pre-sales experience and contributions to practice development
  • Senior-level consulting experience across multiple industries
  • Relevant certifications such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Auditor, CCSK/CCSP are desirable
  • Bachelor’s or Master’s degree in Computer Science, Information Security, Engineering, or a related field