Product Security Technical Consultant
Brak informacji o wynagrodzeniu
MidFull-time
#385704·Dodano wczoraj·0
Źródło: EPAM SystemsTech Stack / Keywords
SecurityAIIoTSDLC
Wymagania
- 5+ years of experience in product security advisory for industrial product development
- Knowledge of CRA, IEC 62443, and NIS2 regulatory frameworks
- Expertise in threat modeling methodologies including STRIDE, PASTA, and MITRE ATT&CK for ICS
- Proficiency in secure SDLC practices including OWASP ASVS compliance matrices and SAST/DAST/SCA toolchain integration
- Familiarity with AI/ML security including OWASP LLM Top 10 and AI SBOM governance
- Understanding of EU AI Act conformity obligations for high-risk AI systems
- Background in DevSecOps pipeline integration including CI/CD compliance checks and MLOps security gates
- Skills in stakeholder communication and presenting findings to senior client stakeholders such as CISOs and engineering VPs
- Capability to conduct engineering-level gap assessments and deliver remediation roadmaps across regulatory frameworks
Obowiązki
- Design and maintain product security requirements frameworks for large federated product portfolios including central control libraries, deviation governance workflows, and risk acceptance procedures
- Translate Cyber Resilience Act essential requirements into actionable engineering specifications covering SBOM governance, secure-by-default configurations, and vulnerability handling procedures
- Perform OT/ICS security level assessments including SL-T vs SL-A gap analysis, zone/conduit modeling, and component requirement mapping
- Lead threat modeling workshops with engineering teams using STRIDE, PASTA, or MITRE ATT&CK for ICS
- Define and implement SDL/SSDLC programs including OWASP ASVS compliance matrices, SAST/DAST/SCA toolchain integration, and secure coding standards
- Support Notified Body engagement and technical documentation preparation for CRA Class I and Class II products
- Design and execute threat models for industrial products integrating AI/ML or LLM capabilities and apply OWASP LLM Top 10 mitigations
- Integrate AI security controls into DevSecOps pipelines including model provenance, AI SBOM, and MLOps security gates
- Support conformity obligations for high-risk AI systems including technical documentation, human oversight mechanism design, and audit trail architecture
- Conduct engineering-level regulatory gap assessments across CRA, NIS2, EU AI Act, and DORA frameworks and deliver remediation roadmaps
- Present compliance posture and security architecture findings to senior client stakeholders and facilitate cross-functional alignment workshops
- Contribute to external publications, white papers, and industry forums to support practice capability-building
Benefity
- Engineering community of industry professionals
- Friendly team and enjoyable working environment
- Flexible schedule and opportunity to work remotely within Poland
- Chance to work abroad for up to 60 days annually
- Business-driven relocation opportunities
- Outstanding career roadmap
- Leadership development, career advising, soft skills, and well-being programs
- Certification (GCP, Azure, AWS)
- Unlimited access to LinkedIn Learning, Get Abstract, Cloud Guru
- English classes
- Stable income (Employment Contract or B2B)
- Participation in the Employee Stock Purchase Plan
- Benefits package (health insurance, multisport, shopping vouchers)
- Strategically located offices featuring entertainment and relaxation zones, table tennis and football, free snacks, fantastic coffee, and more
- Referral bonuses
- Corporate, social and well-being events
Elastyczne godziny
Opieka zdrowotna
Karta sportowa
Płatny urlop
Udziały pracownicze
Premie
Darmowe przekąski
Kursy językowe
EPAM Systems
283 aktywne oferty