Secure Development Analyst (AppSec / DevSecOps)

Hybrid in Argentina: Córdoba

We are looking for a Secure Development Analyst to operate and enhance our DevSecOps capabilities, strengthening CI/CD delivery by embedding automated security controls and actionable guidance for engineering teams. You will help keep our Jenkins + Podman ecosystem running smoothly while partnering with developers to reduce risk.

Responsibilities
  • Operate DevSecOps infrastructure supporting Veracode scans across the Jenkins + Podman stack
  • Maintain and improve CI/CD pipelines by adding automated controls for SAST, SCA, DAST, secret scanning, and container image analysis
  • Design security gates that reduce risk while preserving developer velocity
  • Integrate and maintain tooling connections across Bitbucket, SonarQube, and JFrog Artifactory
  • Triage security findings, prioritize remediation work, and support teams through resolution
  • Perform early interventions in agile delivery by conducting design reviews and story reviews against defined standards
  • Collaborate with development and architecture teams to promote secure coding practices and consistent implementation of security requirements
Requirements
  • 2+ years of experience in AppSec, DevSecOps, DevOps, or development roles with a security focus
  • Hands-on experience with Jenkins, including declarative pipelines, shared libraries, and agent management
  • Hands-on experience with Podman for containerized build and scan workflows
  • Project experience operating and evolving DevSecOps infrastructure supporting SAST/SCA/DAST workflows
  • Strong knowledge of secure development frameworks and standards: NIST SSDF (SP 800-218), OWASP ASVS, OWASP SAMM, OWASP Top 10 (Web/API/LLM/Mobile), SEI CERT, MITRE ATT&CK, and CWE Top 25
  • Solid understanding of security testing approaches and tools (SAST, SCA, DAST, IAST, and secret scanning)
  • Working knowledge of container ecosystems and orchestration (Docker, Kubernetes/OpenShift) and image scanning concepts
  • Proficiency with CI/CD and repository integrations such as Bitbucket/Git, SonarQube, and JFrog Artifactory
  • Familiarity with cloud platforms (AWS, Azure, or GCP) and CIS Benchmarks
  • Skills in development languages and stacks, with the ability to read and analyze source code (Java, Node.js, JavaScript/TypeScript, Python, Go, .NET)
  • Knowledge of auth and federation (OIDC, OAuth 2.0, SAML, JWT, mTLS) and IDPs such as Keycloak
  • Background in secure transport protocols (SSL/TLS), PKI, and secret management (Vault, secrets managers)
  • Threat modeling experience with STRIDE, PASTA, or attack trees
  • Knowledge of best practices to prevent attacks (OWASP) and knowledge of common vectors in web applications and APIs
  • Good communication skills to explain findings clearly and propose pragmatic fixes
  • English proficiency at a B1+ level
Nice to have
  • Computer science student or graduate (or related field)
  • Experience with Veracode, Checkmarx, Snyk, Semgrep, or GitLeaks