Jun 30

Backend Developer

33.0% above market
this vacancy: 517 375 ₽
average: 388 954 ₽

description

EPAM is a global provider of digital engineering, cloud, and AI-enabled transformation services, as well as a leading business and experience consulting partner.

responsibilities

  • Embed security into the full software development lifecycle and drive shift-left and secure-by-design practices across engineering teams;
  • Perform and facilitate threat modeling, architecture security reviews, and design reviews for applications, services, and APIs;
  • Conduct secure code reviews (manual and AI-assisted) and advise developers on secure coding patterns and remediation;
  • Implement, configure, tune, and operate application security tooling, including SAST, DAST, IAST, SCA, secrets scanning, and IaC scanning, integrated into CI/CD pipelines;
  • Triage, validate, prioritize, and reduce false positives in security findings, and partner with development teams to track issues through to remediation;
  • Define, implement, and maintain security gates and policies in CI/CD pipelines;
  • Secure the software supply chain, including dependency and open-source risk management, SBOM generation, artifact integrity and signing, and build pipeline hardening;
  • Support and coordinate application penetration testing and validate fixes for identified vulnerabilities;
  • Drive secrets management, secure configuration, API security, container and image security, and microservice security practices;
  • Establish and run a security champions program, and develop and deliver secure-coding training, guidelines, and reusable security patterns;
  • Define and maintain application security standards, baselines, and policy-as-code;
  • Build, deploy, and maintain AI-assisted automations and agentic workflows to reduce manual effort in security activities;
  • Build and integrate AI agents and LLM-backed automations into the SDLC and CI/CD pipelines;
  • Develop, test, and maintain reusable prompts, structured-prompting patterns, and prompt templates;
  • Implement retrieval over codebases, security standards, and remediation guidance;
  • Build evaluation, validation, and human-in-the-loop checkpoints into AI-assisted AppSec workflows;
  • Implement security and privacy controls for AppSec AI usage;
  • Design, implement, and operate security controls for AI- and LLM-powered application features;
  • Define and enforce guardrails for secure adoption of AI in product engineering.

requirements

  • Bachelor's degree in Computer Science, Information Security, Engineering, or equivalent practical experience;
  • Hands-on application security experience across the software development lifecycle;
  • Strong understanding of common application vulnerability classes, mitigations, OWASP Top 10, and secure coding principles;
  • Practical experience with application security tooling (SAST, DAST, SCA, secrets scanning) and CI/CD integration;
  • Working knowledge of at least one programming language (Python, Java, C#, JavaScript/TypeScript, or Go);
  • Experience with threat modeling and secure design review methodologies;
  • Understanding of DevOps/DevSecOps practices and secure-by-design principles;
  • Familiarity with cloud application security concepts (Azure, AWS, or GCP);
  • Experience participating in production projects or engineering teams;
  • Ability to work closely with cross-functional teams and influence without owning the codebase;
  • Ability to follow, maintain, and improve security processes;
  • Practical understanding of AI-assisted productivity and automation, including building AI agents, integrating LLMs with workflows, prompt engineering, and secure data handling;
  • Good communication skills for technical and non-technical stakeholders;
  • Nice to have: Experience with application security platforms (Snyk, Checkmarx, Veracode, SonarQube, Semgrep, GitHub Advanced Security, Burp Suite, OWASP ZAP), software supply chain security (SBOM, SLSA, Sigstore), Infrastructure as Code and policy-as-code tools (Terraform, Bicep, ARM templates, OPA, Checkov, Trivy), container and Kubernetes security, API security, secrets management (HashiCorp Vault, Azure Key Vault), microservice security patterns, compliance frameworks (ISO 27001, NIST, CIS Benchmarks, PCI DSS, HIPAA, SOC 2, SOX), SIEM/SOAR integration, AI/LLM platforms (Azure OpenAI, Azure AI Foundry, Amazon Bedrock, Microsoft Copilot Studio, LangChain, AutoGen), understanding of AI/LLM security risks (OWASP Top 10 for LLM), security certifications (CSSLP, GWAPT, GWEB, OSCP, OSWE, CISSP, CISM, CCSP, AI-900, AI-102).

conditions

  • No conditions specified

If you are asked to sign in through iCloud, send codes from SMS messages, run code, install something, transfer money, or do anything else involving money, do not agree: these are signs of fraud.
