Chief Application Security Architect

EPAM is looking for a Chief Application Security Architect to join its Security practice, and work directly with one of our enterprise customers in the Hospitality and Tourism industry.

• Lead and coordinate Security Audits across the software development lifecycle: from Architecture, Process, Risk to Testing
• Lead the PCI annual certification process by coordinating EPAM, customer and QSA efforts
• Establish secure software development lifecycle (SSDLC) programs
• Support software development teams in secure development methodologies, tools, and processes
• Train Software Development teams in the areas of secure development
• Build secure architecture and design for projects
• Communicate with customers and teams, and be able to convey the message about the importance of a Secure Software Development Life Cycle and the methods for establishing it
• Cooperate with all sub-teams - BAs, Developers, QAs - to build a consistent understanding of Security Requirements, main Threats, and Mitigations implemented
• Be able to communicate and coordinate work with other Security Teams, including Cloud Security Engineers, Infrastructure Security Engineers, and Penetration Testers

• Software Development or Security-focused university degree OR equivalent experience
• Motivation to develop and grow in the field of Security
• Familiarity with one or more Security Development methodologies (e.g., Microsoft SDL, OWASP OpenSAMM, BSIMM)
• Familiarity with security threats and attack scenarios, such as the OWASP Top 10
• Familiarity with Threat Modeling, hands-on experience with one or more Threat Modeling tools
• Familiarity with one or more tools in the following categories: Static Code Analysis, Static/Dynamic Application Security Testing, Penetration Testing, Intrusion Detection/Prevention
• Understanding of main Security-related activities in development, such as Security Requirements gathering, Risk Assessment, and Security Code Review
• Familiarity with security threats, their implementation, and their classification
• Familiarity with existing PCI DSS and GDPR security standards, and experience with requirements implementation
• Understanding of main security concepts and principles
• Understanding of main areas of protection and levels of defense
• Understanding of threat mitigation mechanisms
• Understanding of basic principles of infrastructure security and penetration testing
• Experience with cloud security controls and policies on top of AWS

• Knowledge of security features and mechanisms provided by at least one operating system and development platform or technology
• Familiarity with DevOps principles: CI/CD, test automation, shift-left security, and shared responsibility models
• Experience with cloud security controls and policies using Microsoft Azure
• Relevant certifications such as CISSP, CCSP, SANS GIAC, or similar qualifications are considered an advantage

• Career plan and real growth opportunities
• Unlimited access to LinkedIn learning solutions
• International Mobility Plan within 25 countries
• Constant training, mentoring, online corporate courses, eLearning and more
• English classes with a certified teacher
• Support for employee’s initiatives (Algorithms club, toastmasters, agile club and more)
• Enjoyable working environment (Gaming room, napping area, amenities, events, sport teams and more)
• Flexible work schedule and dress code
• Collaborate in a multicultural environment and share best practices from around the globe
• Hired directly by EPAM & 100% under payroll
• Law benefits (IMSS, INFONAVIT, 25% vacation bonus)
• Major medical expenses insurance: Life, Major medical expenses with dental & visual coverage (for the employee and direct family members)
• 13 % employee savings fund, capped to the law limit
• Grocery coupons
• 30 days December bonus
• Employee Stock Purchase Plan
• 12 vacations days plus 4 floating days
• Official Mexican holidays, plus 5 extra holidays (Maundry Thursday and Friday, November 2nd, December 24th & 31st)
• Monthly non-taxable amount for the electricity and internet bills