Middle Application Security Engineer | EPAM Anywhere

This website uses cookies for analytics, personalization and advertising. Click here to learn more or change your cookie settings. By continuing to browse, you agree to our use of cookies.

Back icon

Middle Application Security Engineer for Video Game Company

Middle Application Security Engineer for Video Game Company 40 hrs/week, 12+ months

Currently, we are looking for a remote Middle Application Security Engineer with 2+ years of experience in Information Security principles, technology, and control processes to join our team.

The customer is an American video game and software developer and publisher, developing commercially available game engines which also powers their internally developed video games.

Please note that even though you are applying for this position, you may be offered other projects to join within EPAM Anywhere.

Join EPAM Anywhere to quickly and easily find projects that match your knowledge and experience, while working with Forbes Global 2000 clients, building a successful IT career, and earning competitive rewards. The platform provides additional perks, including a flexible schedule, professional development opportunities, and access to a community of experts.

We accept CVs only in English.

Responsibilities

  • Application Security Assessments - Define and update an application security methodology and perform assessments across internal, external applications
    • Secure Coding - Keep Web development teams apprised of secure coding best practices, and assist with static/dynamic code analysis
      • Assist in the design, creation, testing, documentation, deployment and maintenance of new automation, capabilities and Security services for the InfoSec team ​
        • Stay abreast of internal Epic applications and their security posture
          • Blue Team Cross Training - Remains abreast of Application Security threats and defines and develops InfoSec training on web-based exploits/tools and corresponding mitigation techniques

            Requirements

            • 2+ years experience of Information Security principles, technology, and control processes
              • 2+ years of development experience building systems in languages such as Python, C++, Golang/Rust
                • Experience in design review and threat modeling
                  • Experience with providing security services as part of an SDLC
                    • Experience with Secure Coding and AppSec frameworks (OWASP Guide, SANS CWE Top 25, CERT Secure Coding)
                      • Experience working with and setting up services on AWS infrastructure
                        • Understand and be able to apply concepts such as algorithms, data structures, OOO design, databases
                          • The ability to work with a team, building complex solutions is a plus
                            • Knowledge of how to work with CI/CD systems is also a plus
                              • Knowledge of Docker and Terraform is also a plus
                                • CEH and Offensive Security Certification (OSCP, GPEN, or GWAPT)
                                  • Excellent oral and written communication skills, including report writing and technical documentation

                                    We offer

                                    • Competitive compensation depending on experience and skills
                                      • Work in enterprise-level projects on a long-term basis
                                        • You will have a 100% remote full-time job
                                          • Unlimited access to learning courses (EPAM training courses, English regular classes, Internal Library)
                                            • Community of 38,000+ industry’s top professionals
                                              Security.Engineering
                                              Application Security
                                              Code Review Process
                                              DAST (Dynamic application security testing)
                                              SAST (Static Application Security Testing)
                                              Security Testing
                                              Threat Modeling

                                              40 hrs/week

                                              Hours per week

                                              12+ months

                                              Project length

                                              Colombia

                                              Locations eligible for the position