4 days ago

Cyber Security Consultant

EPAM Systems

Hybrid
Full Time
€120,000

Job Overview

Job Title: Cyber Security Consultant
Job Type: Full Time
Category: Commerce
Experience: 5 Years
Degree: Master
Offered Salary: €120,000
Location: Hybrid

Job Description

Cyber Security Consultant at EPAM Systems

As a Cyber Security Consultant at EPAM Systems, you will play a crucial role in helping clients navigate complex security challenges. Your expertise will be particularly focused on the EU Cyber Resilience Act (CRA), Supply Chain Security, and related Governance, Risk, and Compliance (GRC) topics. This is a senior-level position where you will leverage your deep knowledge to advise on critical security problems across diverse industries. You will work closely with cross-functional teams, actively support pre-sales activities, and contribute significantly to the development and growth of EPAM's security consulting capabilities.

Key Responsibilities

  • Lead and deliver consulting engagements with a direct focus on CRA, Supply Chain Security, and related regulations such as NIS2.
  • Drive CRA readiness for products with digital elements, encompassing scoping, product classification, gap assessments against essential requirements, risk analysis, control design, remediation roadmaps, and technical documentation.
  • Establish and mature product security capabilities, including secure development lifecycles, secure update processes, vulnerability handling, coordinated vulnerability disclosure (CVD), PSIRT setup/operations, SBOM generation/management, and vulnerability triage.
  • Design and implement robust supply chain security and third-party risk management programs, covering supplier risk segmentation, due diligence, contractual/security requirements, continuous monitoring, and integration with procurement/vendor management.
  • Translate regulatory requirements from CRA and NIS2 into actionable control frameworks and policies, mapping them to industry standards such as ISO 27001/27002/27036, NIST CSF/SP 800/, CIS Controls, and OWASP, among others.
  • Conduct thorough risk assessments and threat modeling for products and suppliers, defining effective mitigation strategies, metrics, and Key Performance Indicators (KPIs).
  • Produce clear, high-quality deliverables such as assessment reports, control designs, implementation plans, policies, process maps, and training materials.
  • Collaborate effectively with client stakeholders across security, engineering, product, operations, legal, and compliance departments, facilitating workshops and driving necessary change.
  • Support pre-sales activities including discovery sessions, solution design, level of effort estimates, proposals, and presentations, while contributing reusable content and accelerators.
  • Contribute to EPAM’s security consulting practice through methodology development, knowledge sharing, mentoring, and thought leadership.
  • Stay current on emerging threats, regulatory changes, and best practices in product security, supply chain security, and GRC.

Required Qualifications

  • Proven security consulting experience with a direct focus on the EU Cyber Resilience Act, Supply Chain Security, NIS2, and broader GRC topics.
  • Demonstrable experience in establishing product security capabilities (PSIRT, CVD, SBOM management, secure development/update practices) within complex product or software organizations.
  • Strong familiarity with the EU regulatory context (CRA, NIS2) and practical aspects of conformity assessment, technical documentation, and CE marking; experience engaging notified bodies is a plus.
  • Broad knowledge of security frameworks and standards (ISO 27001, NIST CSF, NIST SP 800-161, NIST SSDF, CIS Controls, OWASP) and the ability to perform control mapping and tailored implementations.
  • Experience advising on or implementing security solutions in large enterprise and product engineering environments, including supplier risk management and secure software supply chain practices.
  • Strong analytical, communication, and facilitation skills; ability to explain complex topics to both technical and non-technical stakeholders.
  • Demonstrated pre-sales experience and contributions to practice development.
  • Senior-level consulting experience across multiple industries.
  • Relevant certifications such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Auditor, CCSK/CCSP are desirable.
  • Bachelor’s or master’s degree in Computer Science, Information Security, Engineering, or a related field.

What We Offer

  • 30 days holiday per annum
  • Company Pension Scheme
  • Regular performance assessments
  • Fitness-First Black Membership
  • bitkom - Corporate Benefits
  • Employee Stock Purchase Plan (ESPP) (subject to certain eligibility requirements)
  • Unlimited access to LinkedIn learning solutions
  • Friendly and enjoyable working team
  • Regular corporate and social events
  • Flexible and remote working opportunities
  • Award-winning workplace: Recognized by Kununu (Top Company 2022–2025), Glassdoor (Best Places to Work 2023–2024), and the NewWork Business Award 2025 for outstanding culture, innovation, and employee satisfaction

Key skills/competency

  • EU Cyber Resilience Act
  • Supply Chain Security
  • NIS2 Directive
  • GRC (Governance, Risk, Compliance)
  • Product Security
  • Risk Assessment
  • Security Frameworks (ISO 27001, NIST)
  • Secure SDLC
  • Pre-sales Support
  • Client Consulting

Tags:

Cyber Security Consultant
EU CRA
Supply Chain Security
GRC
NIS2
Product Security
Risk Assessment
Threat Modeling
Policy Development
Pre-sales
Client Collaboration
ISO 27001
NIST CSF
NIST SP 800-161
NIST SSDF
CIS Controls
OWASP
PSIRT
CVD
SBOM
Secure SDLC
CE Marking

How to Get Hired at EPAM Systems

  • Research EPAM Systems' culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor.
  • Tailor your resume: Highlight experience with CRA, NIS2, supply chain security, and GRC, aligning with the Cyber Security Consultant role.
  • Showcase technical expertise: Prepare to discuss your practical experience with product security capabilities like PSIRT, CVD, and SBOM management.
  • Prepare for behavioral questions: Demonstrate strong analytical, communication, and facilitation skills through STAR method examples.
  • Network within EPAM Systems: Connect with current employees on LinkedIn to gain insights and potentially secure referrals for the Cyber Security Consultant position.
