Lead Security Testing Engineer Gdansk, Poland

Lead Security Testing Engineer Description

Job #: 53844
Striving for excellence is in our DNA. Since 1993, we have been helping the world’s leading companies imagine, design, engineer, and deliver software and digital experiences that change the world. We are more than just specialists, we are experts.

DESCRIPTION


We are looking for a Lead Security Testing Engineer interested in and capable of leading the local team of security testing engineers and coordinating activities with the Global Security Competency Center. Besides leadership skills, we expect you to have an expert level in Web Application security and an advanced level in Mobile application security or Network security.

The Lead position assumes advanced technical depth and experience, technical leadership, and multi-faceted communication skills. Scope and tasks may vary greatly. You may be involved in the full project security lifecycle from analysis and planning to development and deployment, as well as assisting with pre-sales opportunities and developing and delivering security-related training.
You may be involved in the full project security development lifecycle, enforcing SDL practices throughout project development, clarifying expectations and identifying the actions required to accomplish the SDL.

You may be engaged to perform pentests or vulnerability assessments of target system(s) in a lawful and legitimate manner, acting as an insider (internal penetration test) or an external user.
You’ll collaborate with the Global Competency Center and coordinate the efforts of local colleagues, being fully responsible for the results of the security assessment.

Responsibilities

  • Verify that the Core Team members have completed the right level of mandatory cybersecurity training
  • Identify all relevant cybersecurity regulations and standards for the markets being served
  • Create initial cybersecurity requirements and include in the Product Backlog
  • Define list of approved tools and associated security checks
  • Review secure coding rules
  • Define incremental security compliance goals
  • Develop initial cybersecurity test strategy
  • Perform attack surface analysis review
  • Implement and continuously update cybersecurity requirements from the Product Backlog
  • Produce user documentation for cybersecurity features
  • Perform robustness and fuzz testing
  • Perform vulnerability assessments
  • Conduct penetration testing
  • Run network security testing
  • Review all security testing defects and address them to the project team
  • Enforce the fixing of security defects
  • Conduct a Final Security Review (FSR) to ensure completion of all SDL elements
  • Finalize security user documentation
  • Develop and present proposals to prospective clients

Requirements

  • No less than 5 years of proven practical experience in application or infrastructure security testing
  • Certification in the security field
  • Understanding and practical experience in different security testing methodologies (OSSTMM, OWASP, PTES)
  • Ability to develop, implement and guide the security assessment process on the project
  • Experience in definition of cybersecurity requirements and processes
  • Ability to select, educate and communicate the right solution based on client requirements and objectives
  • Ability to explain assessment results to technical and non-technical personnel
  • Experience in development of security-related documentation
  • Experience in security assessments of Web Services (SOAP, RESTful)
  • Experience in security assessments of Web Applications
  • Experience in security assessments of Mobile applications (iOS, Android, Windows Mobile)
  • Experience in assessments of network security

Nice to have

  • Experience in security architecture and design reviews
  • Experience in threat modeling
  • Experience in SAST (static code analysis, manual code reviews)
  • Experience in management/coordination of security team
  • Experience in project management
  • Experience in vulnerability management programs
  • Experience in pre-sale activities

We offer

  • Vast opportunities for self-development: online courses and library, experience exchange with colleagues around the world, partial grant of certification
  • English language classes
  • Polish language classes for foreigners
  • Career development center
  • Unlimited access to LinkedIn learning solutions
  • Possibility to relocate for short and long-term projects (e.g. to the USA or Switzerland)
  • Benefit package (private insurance, health care, multisport, lunch tickets, and shopping vouchers, etc.)
  • Possibility to be involved in an international project
  • Remote work options
  • Relocation package for foreign applicants as well as for people relocating within Poland

Please note that only selected candidates will be contacted.