BPCS, Comprehensive marketing solutions, ltd.

Compensation

Full Description

Job Description: • Act as a security-focused software engineer, building automation, secure code patterns, and tooling • Write software, review code, integrate security into CI/CD pipelines • Analyze risks and collaborate with engineering teams to drive secure-by-default practices • Develop automation tools, scripts, and security utilities • Implement secure design patterns into shared libraries and reusable modules • Conduct secure code reviews, ensuring adherence to best practices and industry standards • Build integrations for SAST/DAST tools, dependency scanning, and automated vulnerability reporting • Embed security controls directly into Azure DevOps or GitHub Actions pipelines • Build CI/CD guardrails and maintain secure CI/CD configurations • Develop and automate Azure security controls using PowerShell, Python, ARM/Bicep, Azure CLI • Support engineering teams in remediating vulnerabilities and misconfigurations • Identify risks in applications, APIs, and cloud environments • Participate in secure architecture discussions and design reviews • Work closely with engineering, compliance, and product teams to drive secure-by-default development • Clearly articulate technical risk to non-technical partners Requirements: • 8+ years of experience in Software Development • Strong programming background using C#, Python, or TypeScript • Experience writing production-quality automation or tooling • Ability to perform code reviews and refactor insecure patterns • Experience with REST APIs, backend components, and cloud-native services • 8+ years of experience in DevSecOps & Cloud Security Automation • Hands-on engineering in Microsoft Azure • Experience with ARM/Bicep, Terraform, CI/CD automation, and secure pipeline design • Strong understanding of RBAC, identity, networking, and Azure security controls • 5+ years of experience in Security Risk & Compliance • Experience with NIST CSF, ISO 27001, or SOC 2 • Ability to document risks, track remediation, and perform threat modeling • Hands-on experience fixing vulnerabilities in code and pipelines • CISSP, CSSLP, AZ-500, or similar certifications is preferred • Experience developing security tooling or custom scanners • Familiarity with Kusto (KQL) or Azure Data Explorer for security insights • Experience with policy-as-code and governance automation Benefits: • Medical, dental, and vision coverage • Flexible Spending Account • 401k program • Competitive PTO offerings • Parental Leave • Opportunities for professional growth and development