Cyber Security Consultant
Job in Llanelli, Carmarthenshire, SA15, Wales, UK
Listed on 2026-02-16
Listing for: EPAM
Full Time position
Job specializations: IT/Tech; Cybersecurity, IT Consultant
As a Cyber Security Consultant at EPAM, you will help clients address complex security challenges with a particular focus on the EU Cyber Resilience Act (CRA), Supply Chain Security, and related GRC topics. This is a senior-level position where you will leverage your expertise to advise on security problems across diverse industries. You will collaborate with cross-functional teams, support pre-sales activities and contribute to practice development, helping EPAM grow its security consulting capabilities.
Responsibilities
- Lead and deliver consulting engagements focused on CRA, Supply Chain Security and related regulations (e.g., NIS2)
- Drive CRA readiness for products with digital elements: scoping, product classification, gap assessments against essential requirements, risk analysis, control design, remediation roadmaps and technical documentation
- Establish and mature product security capabilities: secure development lifecycle, secure update processes, vulnerability handling and coordinated vulnerability disclosure (CVD), PSIRT setup/operations, SBOM generation/management and vulnerability triage
- Design and implement supply chain security and third-party risk management programs: supplier risk segmentation, due diligence, contractual/security requirements, continuous monitoring and integration with procurement/vendor management
- Translate regulatory requirements (CRA, NIS2) into actionable control frameworks and policies; map to standards such as ISO 27001/27002/27036, NIST CSF/SP 800/, CIS Controls, OWASP, etc.
- Conduct risk assessments and threat modeling for products and suppliers; define mitigation strategies, metrics and KPIs
- Produce clear, high-quality deliverables: assessment reports, control designs, implementation plans, policies, process maps and training
- Collaborate with client stakeholders across security, engineering, product, operations, legal and compliance; facilitate workshops and drive change
- Support pre-sales: discovery sessions, solution design, level-of-effort estimates, proposals, and presentations; contribute reusable content and accelerators
- Contribute to EPAM's security consulting practice: methodology development, knowledge sharing, mentoring and thought leadership
- Stay current on emerging threats, regulatory changes and best practices in product security, supply chain security and GRC
Requirements
- Proven security consulting experience with direct focus on the EU Cyber Resilience Act, Supply Chain Security, NIS2 and broader GRC topics
- Demonstrable experience establishing product security capabilities (PSIRT, CVD, SBOM management, secure development/update practices) in complex product or software organizations
- Strong familiarity with EU regulatory context (CRA, NIS2) and practical aspects of conformity assessment, technical documentation and CE marking; experience engaging notified bodies is a plus
- Broad knowledge of frameworks and standards (ISO 27001, NIST CSF, NIST SP 800-161, NIST SSDF, CIS Controls, OWASP) and the ability to perform control mapping and tailored implementations
- Experience advising on or implementing security solutions in large enterprise and product engineering environments, including supplier risk management and secure software supply chain practices
- Strong analytical, communication and facilitation skills; ability to explain complex topics to technical and non-technical stakeholders
- Demonstrated pre-sales experience and contributions to practice development
- Senior-level consulting experience across multiple industries
- Relevant certifications such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Auditor, CCSK/CCSP are desirable
- Bachelor's or master's degree in Computer Science, Information Security, Engineering, or a related field
Benefits
- EPAM Employee Stock Purchase Plan (ESPP)
- Protection benefits including life assurance, income protection and critical illness cover
- Private medical insurance and dental care
- Employee Assistance Program
- Competitive group pension plan
- Cycle scheme, Techscheme and season ticket loans
- Various perks such as free Wednesday lunch in-office, on-site massages and regular social events
- Learning and development opportunities including in-house training and coaching, professional certifications, over 22,000 courses on LinkedIn Learning Solutions and much more
- If otherwise eligible, participation in the discretionary annual bonus program
- If otherwise eligible and hired into a qualifying level, participation in the discretionary Long-Term Incentive (LTI) Program
* All benefits and perks are subject to certain eligibility requirements
Find a vacancy that works for you. Send us your CV to receive a personalized offer.