Senior Application Security Engineer

Remote in Croatia
EPAM is looking for an experienced Senior Application Security Engineer to support our clients in improving their security posture.

You will work together with various security and non-security teams to implement secure coding guidelines, conduct thorough code reviews, integrate SAST/DAST tools into the CI/CD pipeline and facilitate threat modeling in the software development lifecycle.

Responsibilities
  • Conduct security reviews and threat modeling for applications, and review their penetration test results
  • Collaborate with software developers and other stakeholders to remediate security vulnerabilities
  • Develop and implement automated security testing tools and procedures to identify security issues
  • Integrate security tools, standards, and processes into the secure software development lifecycle (SSDLC)
  • Stay updated on the latest security threats and ensure our scanning rules evolve accordingly
  • Educate and train developers on security best practices and security awareness
  • Define and lead the security strategy and roadmap for application development
  • Optimize and customize SAST processes to align with application security requirements
  • Deeply understand and advocate for SAST methodologies, explaining the how and why behind their use in the development lifecycle
  • Collaborate with developers to integrate SAST tools seamlessly into their workflows and CI/CD pipelines
Requirements
  • 5+ years of experience in Application Security
  • Strong experience with Checkmarx CxSAST or other SAST tools
  • Proficiency in CxQL for writing and modifying scanning rules
  • Deep understanding of SAST and its role in secure software development
  • Familiarity with GitHub and integrating security scans into CI/CD pipelines
  • Excellent analytical skills for interpreting scan results and improving scan accuracy
  • Strong communication skills to effectively collaborate with development teams and stakeholders
  • Holistic understanding of DevSecOps practices, emphasizing security integration at every phase of software development
  • Fluent English communication skills at a B2+ level
Nice to have
  • Experience with Python, Go or other scripting languages and automation technologies
  • Basic knowledge of cloud platforms
  • Familiarity with CI/CD tools such as Jenkins, GitLab CI/CD, or Azure DevOps
  • Experience with containerization and orchestration technologies like Docker and Kubernetes
  • Understanding of SecOps tools and practices, including security monitoring, incident response, and threat modeling
  • Knowledge of Infrastructure as Code tools like Terraform or Ansible
  • Experience with security monitoring and logging tools like ELK Stack or Prometheus