About the Role
As a Cyber Security Consultant at EPAM, you will help clients address complex security challenges with a particular focus on the EU Cyber Resilience Act (CRA), Supply Chain Security, and related GRC topics. This is a senior-level position where you will leverage your expertise to advise on security problems across diverse industries. You will collaborate with cross-functional teams, support pre-sales activities and contribute to practice development, helping EPAM grow its security consulting capabilities.
Responsibilities
Lead and deliver consulting engagements focused on CRA, Supply Chain Security and related regulations (e.g., NIS2)
Drive CRA readiness for products with digital elements: scoping, product classification, gap assessments against essential requirements, risk analysis, control design, remediation roadmaps and technical documentation
Establish and mature product security capabilities: secure development lifecycle, secure update processes, vulnerability handling and coordinated vulnerability disclosure (CVD), PSIRT setup/operations, SBOM generation/management and vulnerability triage
Design and implement supply chain security and third-party risk management programs: supplier risk segmentation, due diligence, contractual/security requirements, continuous monitoring and integration with procurement/vendor management
Translate regulatory requirements (CRA, NIS2) into actionable control frameworks and policies; map to standards such as ISO 27001/27002/27036, the NIST CSF and NIST SP 800 series, CIS Controls, OWASP, etc.
Conduct risk assessments and threat modeling for products and suppliers; define mitigation strategies, metrics and KPIs
Produce clear, high quality deliverables: assessment reports, control designs, implementation plans, policies, process maps and training
Collaborate with client stakeholders across security, engineering, product, operations, legal and compliance; facilitate workshops and drive change
Support pre-sales: discovery sessions, solution design, level-of-effort estimates, proposals, and presentations; contribute reusable content and accelerators
Contribute to EPAM’s security consulting practice: methodology development, knowledge sharing, mentoring and thought leadership
Stay current on emerging threats, regulatory changes and best practices in product security, supply chain security and GRC
Requirements
Proven security consulting experience with direct focus on the EU Cyber Resilience Act, Supply Chain Security, NIS2 and broader GRC topics
Demonstrable experience establishing product security capabilities (PSIRT, CVD, SBOM management, secure development/update practices) in complex product or software organizations
Strong familiarity with EU regulatory context (CRA, NIS2) and practical aspects of conformity assessment, technical documentation and CE marking; experience engaging notified bodies is a plus
Broad knowledge of frameworks and standards (ISO 27001, NIST CSF, NIST SP 800-161, NIST SSDF, CIS Controls, OWASP) and the ability to perform control mapping and tailored implementations
Experience advising on or implementing security solutions in large enterprise and product engineering environments, including supplier risk management and secure software supply chain practices
Strong analytical, communication and facilitation skills; ability to explain complex topics to technical and non-technical stakeholders
Demonstrated pre-sales experience and contributions to practice development
Senior-level consulting experience across multiple industries
Relevant certifications such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Auditor, CCSK/CCSP are desirable
Bachelor’s or master’s degree in Computer Science, Information Security, Engineering, or a related field
Tech Stack
Cyber Resilience Act (CRA), Supply Chain Security, GRC, NIS2, ISO 27001, NIST CSF, NIST SP 800, CIS Controls, OWASP, PSIRT, CVD, SBOM, Secure Development Lifecycle, Secure Update Processes, Vulnerability Handling, Vulnerability Triage