Cyber Security Consultant

As a Cyber Security Consultant at EPAM, you will help clients address complex security challenges with a particular focus on the EU Cyber Resilience Act (CRA), Supply Chain Security, and related GRC topics. This is a senior-level position where you will leverage your expertise to advise on security problems across diverse industries. You will collaborate with cross-functional teams, support pre-sales activities and contribute to practice development, helping EPAM grow its security consulting capabilities.

Responsibilities

• Lead and deliver consulting engagements focused on CRA, Supply Chain Security and related regulations (e.g., NIS2).
• Drive CRA readiness for products with digital elements: scoping, product classification, gap assessments against essential requirements, risk analysis, control design, remediation roadmaps and technical documentation.
• Establish and mature product security capabilities: secure development lifecycle, secure update processes, vulnerability handling and coordinated vulnerability disclosure (CVD), PSIRT setup/operations, SBOM generation/management and vulnerability triage.
• Design and implement supply chain security and third party risk management programs: supplier risk segmentation, due diligence, contractual/security requirements, continuous monitoring and integration with procurement/vendor management.
• Translate regulatory requirements (CRA, NIS2) into actionable control frameworks and policies; map to standards such as ISO 27001/27002/27036, NIST CSF/SP 800/, CIS Controls, OWASP, etc.
• Conduct risk assessments and threat modeling for products and suppliers; define mitigation strategies, metrics and KPIs.
• Produce clear, high quality deliverables: assessment reports, control designs, implementation plans, policies, process maps and training.
• Collaborate with client stakeholders across security, engineering, product, operations, legal and compliance; facilitate workshops and drive change.
• Support pre sales: discovery sessions, solution design, level of effort estimates, proposals, and presentations; contribute reusable content and accelerators.
• Contribute to EPAM's security consulting practice: methodology development, knowledge sharing, mentoring and thought leadership.
• Stay current on emerging threats, regulatory changes and best practices in product security, supply chain security and GRC.

Requirements

• Proven security consulting experience with direct focus on the EU Cyber Resilience Act, Supply Chain Security, NIS2 and broader GRC topics.
• Demonstrable experience establishing product security capabilities (PSIRT, CVD, SBOM management, secure development/update practices) in complex product or software organizations.
• Strong familiarity with EU regulatory context (CRA, NIS2) and practical aspects of conformity assessment, technical documentation and CE marking; experience engaging notified bodies is a plus.
• Broad knowledge of frameworks and standards (ISO 27001, NIST CSF, NIST SP 800 161, NIST SSDF, CIS Controls, OWASP) and the ability to perform control mapping and tailored implementations.
• Experience advising on or implementing security solutions in large enterprise and product engineering environments, including supplier risk management and secure software supply chain practices.
• Strong analytical, communication and facilitation skills; ability to explain complex topics to technical and non-technical stakeholders.
• Demonstrated pre sales experience and contributions to practice development.
• Senior-level consulting experience across multiple industries.
• Relevant certifications such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Auditor, CCSK/CCSP are desirable.
• Bachelor's or master's degree in computer science, Information Security, Engineering, or a related field.

We offer/Benefits

• EPAM Employee Stock Purchase Plan (ESPP).
• Protection benefits including life assurance, income protection and critical illness cover.
• Private medical insurance and dental care.
• Employee Assistance Program.
• Competitive group pension plan.
• Cyclescheme, Techscheme and season ticket loans.
• Various perks such as free Wednesday lunch in-office, on-site massages and regular social events.
• Learning and development opportunities including in-house training and coaching, professional certifications, over 22,000 courses on LinkedIn Learning Solutions and much more.
• If otherwise eligible, participation in the discretionary annual bonus program.
• If otherwise eligible and hired into a qualifying level, participation in the discretionary Long-Term Incentive (LTI) Program.

*All benefits and perks are subject to certain eligibility requirements.