Security Solution Architect Remote
Security Solution Architect Description
We are seeking a Security Solution Architect who will leverage Security Solution Architecture standards and frameworks to provide security guidance to the Product/project teams with goals of maturing and improving overall security posture of the segment and cultivating a segment-wide culture of security– awareness.
The role also requires the Security Solution Architect to assess the security requirements for projects/products, develop security architecture, develop detailed design, and provide support to help integrate security controls during solution deployment.
#LI-DNI#EasyApply
Responsibilities
- Partner with stakeholders on all products/projects to apply security requirements, develop security architecture, and provide support for integrating security controls during solution deployment
- Educate business and IT stakeholders on security solution architectural frameworks, processes, standards, and security guidelines
- Provide security review and consulting for product/project teams to influence the overall architecture direction and ensure the confidentiality, integrity, and availability of information
- Design and lead the implementation of solutions architecture based on enterprise business strategy, capabilities, and requirements
- Manage and develop architecture for a broader scope of projects, working closely with product, platform, and other solution architects
- Analyze the environment to detect critical deficiencies and recommend solutions for improvement
- Define principles, guidelines, standards, and solution patterns to align with the enterprise's future-state architecture vision
- Design and direct governance activities to ensure solutions architecture assurance and compliance
Requirements
- Security Knowledge: Deep understanding of application security principles, OWASP Top 10, ASVS, SANS 25, SAMM and secure coding practices
- Threat Modeling: Ability to conduct threat modeling and risk assessments for applications
- Secure Development Lifecycle (SDLC): Experience integrating security into DevSecOps, CI/CD pipelines, and SDLC
- Vulnerability Management: Hands-on experience with SAST, DAST, SCA, IAST, and penetration testing tools
- Authentication & Authorization: Knowledge of identity and access management (IAM), OAuth, SAML, JWT, and RBAC/ABAC
- Cloud Security: Experience securing cloud-based applications (AWS, Azure, GCP) and cloud-native technologies (Kubernetes, containers, serverless)
- Cryptography: Familiarity with encryption standards, TLS/SSL, PKI, and hashing mechanisms
- API Security: Understanding of securing REST, including API gateways and rate limiting
- Incident Response: Experience in investigating security incidents, forensic analysis, and mitigation strategies
- Team Management: Ability to lead and mentor application security engineers
- Regulatory Compliance: Knowledge of security standards like GDPR, PCI-DSS
- Policy Development: Ability to create security policies, guidelines, and best practices for the organization
- Audit & Compliance Reviews: Experience in conducting internal and external security audits
- Security Tools: Proficiency with tools like Burp Suite, ZAP, Semgrep, SonarQube, etc
- Infrastructure as Code (IaC) Security: Experience securing Terraform and Kubernetes manifests
Nice to have
- Certifications: CISSP, OSCP, CSSLP, CEH, GWAPT, or similar certifications
- 3+ years in application security or related security roles
- Bachelor’s or Master’s in Computer Science, Cybersecurity, or related field (preferred but not mandatory)
We offer
- We gather like-minded people:
- Engineering community of industry professionals
- Friendly team and enjoyable working environment
- Flexible schedule and opportunity to work remotely within Poland
- Chance to work abroad for up to 60 days annually
- Business-driven relocation opportunities
- We provide growth opportunities:
- Outstanding career roadmap
- Leadership development, career advising, soft skills, and well-being programs
- Certification (GCP, Azure, AWS)
- Unlimited access to LinkedIn Learning, Get Abstract, Cloud Guru
- English classes
- We cover it all:
- Stable income (Employment Contract or B2B)
- Participation in the Employee Stock Purchase Plan
- Benefits package (health insurance, multisport, shopping vouchers)
- Strategically located offices featuring entertainment and relaxation zones, table tennis and football, free snacks, fantastic coffee, and more
- Referral bonuses
- Corporate, social and well-being events
- Please, note:
- The set of bonuses might vary based on the role you apply for – specifics will be discussed with our recruiter during the general interview
- We will reach out to selected candidates exclusively
EPAM is a leading global provider of digital platform engineering and development services. We are committed to having a positive impact on our customers, our employees, and our communities. We embrace a dynamic and inclusive culture. Here you will collaborate with multi-national teams, contribute to a myriad of innovative projects that deliver the most creative and cutting-edge solutions, and have an opportunity to continuously learn and grow. No matter where you are located, you will join a dedicated, creative, and diverse community that will help you discover your fullest potential.
