Apply Apply

DESCRIPTION

Do you have a systems/DevOps engineering background and strong knowledge in Security? Are you an open-minded professional with good English skills? If it sounds like you, this could be the perfect opportunity to join EPAM as a Senior DevSecOps Engineer.

Our teams work in highly agile working environments for Fortune 1000 clients, following XP practices and best CI/CD practices. We are looking for a Senior DevSecOps Engineer to automate and optimize our development processes and ensure secure CI/CD pipelines. Working closely with our Security Architect, your main responsibility would be to reinforce our security posture across our development teams and digital portfolio.

What You’ll Do

• Collaborate with the Security Architect to drive the Security Architecture & Solutions for our core digital portfolio and future digital products
• Automate repetitive tasks and implement secure CI/CD pipelines, enhancing productivity and reducing errors
• Own the implementation and continuous improvement of security tooling across various areas including static/dynamic analysis, dependency scanning, and secrets detection
• Implement appropriate technical and organizational security controls to mitigate identified risks, with a focus on automating these measures wherever possible
• Promote and facilitate Security-By-Design principles across the development team, bridging the gap between operations and security
• Implement Infrastructure as Code (IaC) security measures, protecting integral aspects of our infrastructure and ensuring secure deployments
• Embed security within the DevOps lifecycle, including the design and execution of signed image verification systems to ensure the authenticity and integrity of images
• Conduct ongoing security training for the development team to ensure awareness and compliance

What You Have

• Security-focused or Computer Science university degree (Bachelors) OR equivalent experience
• 5+ years' experience in DevOps, with significant exposure to security aspects
• Proficiency in one or more programming languages, predominantly used in DevOps like Python, Ruby, or Go
• Practical experience with CI/CD pipelines and tools such as Jenkins, and AWS CodePipeline
• Experience with container orchestration tools like Kubernetes and Docker, and cloud environments such as AWS, Azure, or Google Cloud
• Deep understanding of secure Infrastructure as Code (IaC) strategies and signed image verification practices
• Experience in using Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools for code analysis
• Security Knowledge: Solid understanding of network access, identity, access management, applied cryptography, network security methodologies, and secure software development methodologies
• Knowledge and experience with identifying and understanding the most common application security vulnerabilities (OWASP Top 10)
• Agile mindset, Continuous Quality and Process Improvement
• Deep expertise with more than one of the following area:
  • API security
  • DevSecOps practices
  • Identity and Access Management
  • Compliance & regulations for medical devices
  • Cloud Security Architecture & Controls
  • Security Architecture & Models in Healthcare
  • Zero trust & Defense in depth principles
  • Network Security
  • Infrastructure and application security assessment
  • Vulnerability management
  • Application Security
  • IoT Security architecture
  • CI/CD tooling (SAST, DAST, SCA, Secret Scanner. Secure Gates, Image Signed, etc)
  • Threat Modeling and Secure-by-Design
  • Security Operations

Nice to have

• Relevant certifications such as AWS/Azure Certified DevOps Engineer, or similar qualifications are considered an advantage
• Experience with medical security governance and IT general control frameworks such as DSOMM, HIPPA, ISO 13485, NIST CSF, NIST 800-53, MDR (EU), etc

We Offer

• WORK & LIFE BALANCE. Enjoy more of your personal time with flexible & remote work options, 24 working days of annual leave and paid time off for numerous public holidays
• CONTINUOUS LEARNING CULTURE. Develop your hard & soft skills with internal training and mentorship opportunities, sponsored professional certification, and access to 18,000+ LinkedIn courses
• CLEAR & DIFFERENT CAREER PATHS. Grow in engineering or managerial direction to become a People Manager, in-depth technical specialist, Solution Architect, or Project/Delivery Manager
• GLOBAL RELOCATION OPPORTUNITIES. EPAM has presence in more than 50 countries globally. Explore opportunities to relocate to a new country, and EPAM will provide relocation support for you and your family
• COMPETITIVE BENEFITS. Benefit from a competitive salary, private health insurance, employee stock purchase plan, special discount programs, plus, internal wellbeing programs to take your career to the next level
• STRONG PROFESSIONAL COMMUNITY. Join a global EPAM community of highly skilled experts and connect with them to solve challenges, exchange ideas, share expertise and make friends

About EPAM

• EPAM is a leading digital transformation services and product engineering company with over 53,150 EPAMers in more than 55 countries and regions . Since 1993, our multidisciplinary teams have been helping make the future real for our clients and communities around the world. In 2018, we opened an office in Spain that quickly grew to over 1,450 EPAMers distributed between the offices in Málaga and Madrid as well as remotely across the country . Here you will collaborate with multinational teams, contribute to numerous innovative projects, and have an opportunity to learn and grow continuously