Product Security Technical Consultant

Brak informacji o wynagrodzeniu
MidFull-time
#385704·Dodano wczoraj·0
Źródło: EPAM Systems
Aplikuj teraz

Tech Stack / Keywords

SecurityAIIoTSDLC

Wymagania

  • 5+ years of experience in product security advisory for industrial product development
  • Knowledge of CRA, IEC 62443, and NIS2 regulatory frameworks
  • Expertise in threat modeling methodologies including STRIDE, PASTA, and MITRE ATT&CK for ICS
  • Proficiency in secure SDLC practices including OWASP ASVS compliance matrices and SAST/DAST/SCA toolchain integration
  • Familiarity with AI/ML security including OWASP LLM Top 10 and AI SBOM governance
  • Understanding of EU AI Act conformity obligations for high-risk AI systems
  • Background in DevSecOps pipeline integration including CI/CD compliance checks and MLOps security gates
  • Skills in stakeholder communication and presenting findings to senior client stakeholders such as CISOs and engineering VPs
  • Capability to conduct engineering-level gap assessments and deliver remediation roadmaps across regulatory frameworks

Obowiązki

  • Design and maintain product security requirements frameworks for large federated product portfolios including central control libraries, deviation governance workflows, and risk acceptance procedures
  • Translate Cyber Resilience Act essential requirements into actionable engineering specifications covering SBOM governance, secure-by-default configurations, and vulnerability handling procedures
  • Perform OT/ICS security level assessments including SL-T vs SL-A gap analysis, zone/conduit modeling, and component requirement mapping
  • Lead threat modeling workshops with engineering teams using STRIDE, PASTA, or MITRE ATT&CK for ICS
  • Define and implement SDL/SSDLC programs including OWASP ASVS compliance matrices, SAST/DAST/SCA toolchain integration, and secure coding standards
  • Support Notified Body engagement and technical documentation preparation for CRA Class I and Class II products
  • Design and execute threat models for industrial products integrating AI/ML or LLM capabilities and apply OWASP LLM Top 10 mitigations
  • Integrate AI security controls into DevSecOps pipelines including model provenance, AI SBOM, and MLOps security gates
  • Support conformity obligations for high-risk AI systems including technical documentation, human oversight mechanism design, and audit trail architecture
  • Conduct engineering-level regulatory gap assessments across CRA, NIS2, EU AI Act, and DORA frameworks and deliver remediation roadmaps
  • Present compliance posture and security architecture findings to senior client stakeholders and facilitate cross-functional alignment workshops
  • Contribute to external publications, white papers, and industry forums to support practice capability-building

Benefity

  • Engineering community of industry professionals
  • Friendly team and enjoyable working environment
  • Flexible schedule and opportunity to work remotely within Poland
  • Chance to work abroad for up to 60 days annually
  • Business-driven relocation opportunities
  • Outstanding career roadmap
  • Leadership development, career advising, soft skills, and well-being programs
  • Certification (GCP, Azure, AWS)
  • Unlimited access to LinkedIn Learning, Get Abstract, Cloud Guru
  • English classes
  • Stable income (Employment Contract or B2B)
  • Participation in the Employee Stock Purchase Plan
  • Benefits package (health insurance, multisport, shopping vouchers)
  • Strategically located offices featuring entertainment and relaxation zones, table tennis and football, free snacks, fantastic coffee, and more
  • Referral bonuses
  • Corporate, social and well-being events
Elastyczne godziny
Opieka zdrowotna
Karta sportowa
Płatny urlop
Udziały pracownicze
Premie
Darmowe przekąski
Kursy językowe
EPAM Systems

EPAM Systems

283 aktywne oferty

Zobacz wszystkie oferty
Aplikuj teraz