Note: The job is a remote job and is open to candidates in USA. EPAM Systems is seeking a Product Security Technical Consultant to advise industrial product development teams on security requirements and regulatory compliance. The role involves designing security frameworks, conducting assessments, and integrating AI security controls into development processes.
Responsibilities
- Design and maintain product security requirements frameworks for large federated product portfolios including central control libraries, deviation governance workflows and risk acceptance procedures
- Translate Cyber Resilience Act essential requirements into actionable engineering specifications covering SBOM governance, secure-by-default configurations and vulnerability handling procedures
- Perform OT/ICS security level assessments including SL-T vs SL-A gap analysis, zone/conduit modeling and component requirement mapping
- Lead threat modeling workshops with engineering teams using STRIDE, PASTA or MITRE ATT&CK for ICS
- Define and implement SDL/SSDLC programs including OWASP ASVS compliance matrices, SAST/DAST/SCA toolchain integration and secure coding standards
- Support Notified Body engagement and technical documentation preparation for CRA Class I and Class II products
- Design and execute threat models for industrial products integrating AI/ML or LLM capabilities and apply OWASP LLM Top 10 mitigations
- Integrate AI security controls into DevSecOps pipelines including model provenance, AI SBOM and MLOps security gates
- Support conformity obligations for high-risk AI systems including technical documentation, human oversight mechanism design and audit trail architecture
- Conduct engineering-level regulatory gap assessments across CRA, NIS2, EU AI Act and DORA frameworks and deliver remediation roadmaps
- Present compliance posture and security architecture findings to senior client stakeholders and facilitate cross-functional alignment workshops
- Contribute to external publications, white papers and industry forums to support practice capability-building
Skills
- 5+ years of experience in product security advisory for industrial product development
- Knowledge of CRA, IEC 62443 and NIS2 regulatory frameworks
- Expertise in threat modeling methodologies including STRIDE, PASTA and MITRE ATT&CK for ICS
- Proficiency in secure SDLC practices including OWASP ASVS compliance matrices and SAST/DAST/SCA toolchain integration
- Familiarity with AI/ML security including OWASP LLM Top 10 and AI SBOM governance
- Understanding of EU AI Act conformity obligations for high-risk AI systems
- Background in DevSecOps pipeline integration including CI/CD compliance checks and MLOps security gates
- Skills in stakeholder communication and presenting findings to senior client stakeholders such as CISOs and engineering VPs
- Capability to conduct engineering-level gap assessments and deliver remediation roadmaps across regulatory frameworks
Benefits
- Engineering community of industry professionals
- Friendly team and enjoyable working environment
- Flexible schedule and opportunity to work remotely within Poland
- Chance to work abroad for up to 60 days annually
- Business-driven relocation opportunities
- Outstanding career roadmap
- Leadership development, career advising, soft skills, and well-being programs
- Certification (GCP, Azure, AWS)
- Unlimited access to LinkedIn Learning, Get Abstract, Cloud Guru
- English classes
- Stable income (Employment Contract or B2B)
- Participation in the Employee Stock Purchase Plan
- Benefits package (health insurance, multisport, shopping vouchers)
- Strategically located offices featuring entertainment and relaxation zones, table tennis and football, free snacks, fantastic coffee, and more
- Referral bonuses
- Corporate, social and well-being events
Company Overview