We are on the lookout for a highly competent and proactive Lead Security Tester with a robust background in vulnerability management and engineering skills to become part of our team. In this pivotal role, you will oversee the management of vulnerabilities within our secure software repository and provide precise, comprehensive updates and justifications for Common Vulnerabilities and Exposures that impact our products. You will also play a crucial role in automating manual processes to boost operational efficiency and scalability.

We accept CVs in English only.

Responsibilities

• Detect, evaluate, and rank vulnerabilities in Mobile and Web applications
• Offer technical justifications, mitigations, and updates for Common Vulnerabilities and Exposures, aligning with industry best practices
• Work collaboratively with development, operations, and security teams to ensure timely remediation of vulnerabilities
• Provide in-depth vulnerability assessments and suggest justifications and strategies for CVE remediation
• Address inquiries regarding vulnerability disclosures accurately and succinctly
• Build and sustain a comprehensive knowledge base of vulnerability reports and justifications for both internal and external stakeholders
• Design and implement automation scripts, tools, and workflows to enhance the efficiency of vulnerability management processes
• Generate dashboards and reports to monitor and communicate vulnerability metrics
• Act as a technical intermediary among internal security teams, product owners, and external partners, aligning on vulnerability management objectives
• Drive the continuous enhancement of security operations through process improvements and innovative practices

Requirements

• More than 5 years of experience in Java development with an emphasis on security applications
• At least one year of leadership and team management experience
• Hands-on proficiency with vulnerability scanning tools and CVE databases like NowSecure and HCL App Scan
• Skilled in manual penetration testing for both mobile and Web applications
• Advanced proficiency in scripting and automation using Python, and experience with frameworks such as Ansible or Terraform
• Experience in managing containerized environments including Docker and Kubernetes, alongside secure software development practices
• A solid understanding of common security standards and frameworks such as OWASP, NIST, ISO 27001, and PSI DSS
• Knowledge of cloud platforms like AWS, Azure, GCP, and their security configurations
• Familiarity with security orchestration and automation platforms
• Exceptional written and verbal communication skills for translating complex technical concepts effectively
• Capability to manage multiple tasks and priorities in a fast-paced, collaborative environment
• Analytical thinker with strong problem-solving skills and meticulous attention to detail
• Fluent English skills at a B2 level or higher

Nice to have

• Experience with secure software repositories and hardened containers

We offer

• Learning Culture - We want you to be the best version of yourself, that is why we offer unlimited access to learning platforms, a wide range of internal courses, and all the knowledge you need to grow professionally
• Health Coverage - Health and wellness are important, that is why we have you and up to four family members in a premiere health plan. We have a couple of options, so you can choose what is best for you and your family
• Visual Benefit - Seeing your work for us would be a sight for sore eyes. We want your vision to always be at 100% which is why we offer up to $200.000 COP for any visual health expenses
• Life Insurance Plan - We have partnered with MetLife to offer a full-coverage Ife insurance plan. So, your family is covered, even if you are gone
• Medical Leave Coverage - We are one of the few companies that cover 100% of your medical leave, for up to 90 days. Your health is the most important thing to us
• Professional Growth Opportunities - We have designed a highly competitive and complete development process, where you will have all the tools to get where you have always wanted to be, personally and professionally
• Stock Option Purchase Plan - As an EPAMer you can be more than just an employee, you will also have the opportunity to purchase stock at a reduced price and become a part owner of our organization
• Additional Income - Besides your regular salary, you will also have the chance to earn extra income by referring talent, being a technical interviewer, and many more ways
• Community Benefit - You will be part of a worldwide community of over 50,000 employees, where you can learn, challenge yourself, stand out, and share your knowledge and experience with multicultural teams!

Please note that even though you are applying for this position, you may be offered other projects to join within EPAM.

EPAM is a leading global provider of digital platform engineering and development services. We are committed to having a positive impact on our customers, our employees, and our communities. We embrace a dynamic and inclusive culture. Here you will collaborate with multi-national teams, contribute to a myriad of innovative projects that deliver the most creative and cutting-edge solutions, and have an opportunity to continuously learn and grow. No matter where you are located, you will join a dedicated, creative, and diverse community that will help you discover your fullest potential.