
Lead Security Tester

Security Testing, CI/CD, Cloud, Penetration testing, Vulnerability Management, Amazon Web Services

We are on the lookout for a highly competent and proactive Lead Security Tester with a robust background in vulnerability management and engineering skills to become part of our team. In this pivotal role, you will oversee the management of vulnerabilities within our secure software repository and provide precise, comprehensive updates and justifications for Common Vulnerabilities and Exposures that impact our products. You will also play a crucial role in automating manual processes to boost operational efficiency and scalability.

Responsibilities
  • Detect, evaluate, and rank vulnerabilities in Mobile and Web applications
  • Offer technical justifications, mitigations, and updates for Common Vulnerabilities and Exposures, aligning with industry best practices
  • Work collaboratively with development, operations, and security teams to ensure timely remediation of vulnerabilities
  • Provide in-depth vulnerability assessments and suggest justifications and strategies for CVE remediation
  • Address inquiries regarding vulnerability disclosures accurately and succinctly
  • Build and sustain a comprehensive knowledge base of vulnerability reports and justifications for both internal and external stakeholders
  • Design and implement automation scripts, tools, and workflows to enhance the efficiency of vulnerability management processes
  • Generate dashboards and reports to monitor and communicate vulnerability metrics
  • Act as a technical intermediary among internal security teams, product owners, and external partners, aligning on vulnerability management objectives
  • Drive the continuous enhancement of security operations through process improvements and innovative practices
Requirements
  • More than 5 years of experience in Security Testing
  • At least one year of leadership and team management experience
  • Hands-on proficiency with vulnerability scanning tools and CVE databases like NowSecure and HCL AppScan
  • Skilled in manual penetration testing for both mobile and Web applications
  • Advanced proficiency in scripting and automation using Python, and experience with frameworks such as Ansible or Terraform
  • Experience in managing containerized environments including Docker and Kubernetes, alongside secure software development practices
  • A solid understanding of common security standards and frameworks such as OWASP, NIST, ISO 27001, and PCI DSS
  • Knowledge of cloud platforms like AWS, Azure, GCP, and their security configurations
  • Familiarity with security orchestration and automation platforms
  • Exceptional written and verbal communication skills for translating complex technical concepts effectively
  • Capability to manage multiple tasks and priorities in a fast-paced, collaborative environment
  • Analytical thinker with strong problem-solving skills and meticulous attention to detail
  • Fluent English skills at a B2 level or higher
Nice to have
  • Experience with secure software repositories and hardened containers
Benefits
  • International projects with top brands
  • Work with global teams of highly skilled, diverse peers
  • Healthcare benefits
  • Employee financial programs
  • Paid time off and sick leave
  • Upskilling, reskilling and certification courses
  • Unlimited access to the LinkedIn Learning library and 22,000+ courses
  • Global career opportunities
  • Volunteer and community involvement opportunities
  • EPAM Employee Groups
  • Award-winning culture recognized by Glassdoor, Newsweek and LinkedIn