Senior Application Security Engineer
Location
Croatia
Posted
8 days ago
Salary
0
Seniority
Senior
Job Description
Senior Application Security Engineer
EPAM
Role Description EPAM is looking for an experienced Senior Application Security Engineer to support our clients in improving their security posture. You will work together with various security and non-security teams to implement secure coding guidelines, conduct thorough code reviews, integrate SAST/DAST tools into the CI/CD pipeline and facilitate threat modeling in the software development lifecycle. - Conduct security reviews, threat modelling and review penetration test results for applications. - Collaborate with software developers and other stakeholders to remediate security vulnerabilities. - Develop and implement automated security testing tools and procedures to identify security issues. - Integrate security tools, standards, and processes into the secure software development lifecycle (SSDLC). - Stay updated on the latest security threats and ensure our scanning rules evolve accordingly. - Educate and train developers on security best practices and security awareness. - Define and lead the security strategy and roadmap for application development. - Optimize and customize SAST processes to align with application security requirements. - Deeply understand and advocate for SAST methodologies, explaining the how and why behind their use in the development lifecycle. - Collaborate with developers to integrate SAST tools seamlessly into their workflows and CI/CD pipelines. Qualifications - 5+ years of experience in Application Security. - Strong experience with Checkmarx CxSAST or other SAST tools. - Proficiency in CxQL for writing and modifying scanning rules. - Deep understanding of SAST and its role in secure software development. - Familiarity with GitHub and integrating security scans into CI/CD pipelines. - Excellent analytical skills for interpreting scan results and improving scan accuracy. - Strong communication skills to effectively collaborate with development teams and stakeholders. - Holistic understanding of DevSecOps practices, emphasizing security integration at every phase of software development. - Fluent English communication skills at a B2+ level. Requirements - Experience with Python, Go or other scripting languages and automation technologies (nice to have). - Basic knowledge of Cloud Platforms (nice to have). - Familiarity with CI/CD tools such as Jenkins, GitLab CI/CD, or Azure DevOps (nice to have). - Experience with containerization and orchestration technologies like Docker and Kubernetes (nice to have). - Understanding of SecOps tools and practices, including security monitoring, incident response, and threat modeling (nice to have). - Knowledge of Infrastructure as Code tools like Terraform or Ansible (nice to have). - Experience with security monitoring and logging tools like ELK Stack or Prometheus (nice to have).
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Director of Engineering, Security
GitLabBuild software faster. The One DevOps Platform enables your entire org to collaborate around your code. We're hiring.
• Set the engineering vision and multi-quarter roadmap across teams working on proprietary scanners, AI-driven security workflows, research functions, vulnerability management, and security foundations. • Lead a distributed engineering organization of managers and individual contributors, with a focus on team performance, engagement, and career development. • Drive architectural decisions for AI and machine learning detection engines, agentic remediation flows, and scalable scanning infrastructure. • Partner with product management to define priorities, shape requirements, and deliver security capabilities for customers in regulated and security-conscious environments. • Own the engineering delivery of GitLab’s proprietary application security scanners, agentic remediation workflows, and AI Security Research efforts. • Represent the Security Factory stage in cross-functional planning, executive reviews, security disclosures, and customer conversations. • Establish engineering standards for delivery, observability, incident response, scanner quality, and code quality. • Contribute to GitLab’s transparent, async-first way of working through issues, merge requests, and the GitLab handbook.
Aviation Infrastructure and Security Subject Matter Expert
AmentumA Premier Leader in Global Engineering, Project Management, and Solutions Integration.
• Design and develop comprehensive, classroom-based courses utilizing federal aviation security standards. • Adapt and tailor U.S. best practices for aviation security curricula to fit specific legal authorities, operational environments, language requirements, and capability levels. • Instruct partners on identifying, assessing, and neutralizing security risks. • Design practical frameworks and case studies regarding airspace risk management. • Execute short-term Temporary Duty (TDY) travel to partner nations to deliver workshops. • Write and submit timely, high-quality technical reports, work plans, and assessments.
• As a Security Engineer (Red Team), you will help Pindrop proactively identify and exploit weaknesses across product, cloud, and AI-powered systems so we can strengthen defenses before adversaries do. • Design and execute red team operations against Pindrop’s GenAI systems, LLM pipelines, RAG architectures, autonomous agents, APIs, SaaS products, and cloud environments, simulating real-world attacks across both traditional and AI-specific attack surfaces. • Conduct adversarial testing focused on prompt injection, indirect prompt attacks, jailbreaking, model extraction, training-data poisoning, data leakage, inference abuse, and unauthorized output manipulation. • Use deepfake generation, voice synthesis, and related spoofing techniques to test and attempt to defeat Pindrop’s voice authentication and deepfake detection capabilities, helping identify model robustness and detection gaps. • Develop novel attack chains that combine GenAI vulnerabilities with infrastructure, application, identity, and API weaknesses to create realistic end-to-end threat scenarios. • Plan and execute full-scope penetration tests and support bug bounty efforts across Pindrop’s web applications, APIs, SaaS products, and AWS/GCP environments using commercial and open-source offensive tooling. • Perform architecture reviews, security code reviews, and threat modeling with emphasis on vulnerabilities introduced by AI/ML components, model integrations, and LLM-facing services. • Build automation for offensive security workflows, testing, compliance checks, alerting, and reporting using Python or similar scripting languages, including AI-native attack tooling where useful. • Partner closely with SecOps and security engineering to improve detections, tune response workflows, and translate red team findings into practical remediation and defensive improvements. • Stay current on GenAI security research, adversarial ML techniques, evolving threat intelligence, and relevant regulatory developments, then apply those insights to Pindrop’s security program.
Junior Hearing Attorney – Social Security Disability
MindSetA great culture leads to a dominantly successful business. We provide insights and techniques to build this culture.
• Client Consultation: Meet with clients to evaluate their eligibility for SSI/SSDI benefits, discuss case strategy, and prepare them for the disability hearing process. • Application & Appeals Assistance: Assist clients throughout the Social Security Disability claims and appeals process, ensuring applications and supporting documentation are accurate, complete, and positioned for success. • Hearing Representation: Represent clients during hearings before Administrative Law Judges (ALJs), advocating on their behalf throughout the appeals process. • Evidence Gathering: Review and analyze medical records, employment history, vocational evidence, and other supporting documentation to strengthen disability claims. • Legal Research: Stay informed on SSA regulations, policies, and relevant case law to effectively advocate for clients and provide sound legal guidance. • Communication: Serve as the primary legal point of contact for clients while communicating with the Social Security Administration and other agencies as needed. • Advocacy: Passionately advocate for individuals living with disabilities, ensuring they receive the benefits they deserve. • Technology & Case Management: Utilize cloud-based legal technology, digital case management systems, Google Workspace, Slack, and AI-assisted tools to efficiently manage caseloads in a fully remote environment. • Collaboration: Partner closely with case managers, legal support staff, and fellow attorneys to deliver exceptional client service and achieve successful outcomes.



