$70,000 - 130,000 per year
Posted: July 21, 2025
Embed security controls, monitoring, and compliance automation across the software development lifecycle (SDLC) for internally developed and low-code (Power Platform) applications handling business data and customer sensitive data.
Engineer and operate secure, resilient CI/CD pipelines across the Power Platform and GitHub with automated quality and security gates (SAST, DAST, dependency, container, infrastructure-as-code scanning, secrets detection, SBOM generation).
Provide direct support to developers. Implement, tune, and maintain cloud security guardrails (Azure, M365, Power Platform) including data protection, configuration baselines, and zero-trust principles.
Lead/assist in incident response and vulnerability management – rapid triage, containment, remediation, root cause analysis (RCA), and post-incident improvement actions.
Provide security guidance, threat modeling (STRIDE/PASTA/ATT&CK input), and coaching to developers, analysts, and stakeholders to improve secure design and release quality metrics.
Network security operations: define and enforce network segmentation, VNet/subnet configurations, and security groups in AWS/Azure; implement firewall rules, NSGs, and service endpoint protections; validate zero-trust principles in cloud network design.
Holding one of the following certifications: Security+, CISSP, CND, or CASP+
U.S. work authorization and the ability to obtain or maintain a Secret clearance
Experience deploying and monitoring web applications in AWS and/or Azure
Availability for limited after-hours/on-call participation during critical incidents or 24-hour war-room responses
Adhere to organizational policies, confidentiality, and handling standards for sensitive data.
Design, implement, and secure containerized workloads using Docker and Kubernetes, with a strong emphasis on Linux-based environments, image scanning, runtime protection, and policy enforcement.
Build and track security using automation: Snyk for packages and Solution Checker for Power Platform and Power Apps
Deep understanding of identity and access management, encryption standards, and network protocols
Experience performing code reviews, threat modeling (STRIDE, PASTA), and root-cause analysis on security incidents
Bachelor’s degree in Computer Science, Cybersecurity, or related fields
Active Secret clearance
Knowledge of compliance automation
5+ years combined experience in DevOps, Cybersecurity Engineering, Cloud Engineering, or related roles supporting production workloads.
Demonstrated history of automating build/deploy pipelines and implementing security testing/monitoring at scale.
Owns definition, implementation, and continuous improvement of DevSecOps practices, pipelines, and controls
Translates regulatory and contractual requirements (such as NIST 800-53) into automated, testable controls and evidence collection.
Designs and maintains standardized Infrastructure as Code (IaC) and security baselines; ensures traceability from risk to mitigation.
Coordinates with product owners to align remediation priorities with business impact and risk appetite.
Hands-on with Azure (Entra ID, Key Vault, Defender for Cloud), Microsoft Power Platform (Power Apps, Power Automate, Dataverse, SharePoint) security configuration and integration with traditional software services.
Hands-on with Docker and Kubernetes container technologies and the Linux operating system
Continuous Integration and Continuous Deployment (CI/CD) tooling (GitHub Actions, Azure DevOps pipelines) including artifact management, environment promotion strategies and policy enforcement
Security scanning tools, including Snyk, GitHub (Advanced Security & Dependabot), and Microsoft Solution Checker, and interpreting their output into actionable backlog items
Threat modeling using STRIDE, PASTA stages (particularly Stages 4-7), MITRE ATT&CK and CAPEC referencing, and CWE mapping for defect classification.
Incident handling through triage logging, forensics, containment, credentials rotation, and post-incident retrospectives.
Strong scripting/automation in at least one: PowerShell, Python, or Bash.
Clear, concise written and verbal communication for executive summaries and technical deep dives.
Ability to prioritize remediation and negotiate risk-based exceptions with stakeholders.
Commitment to mentoring peers and elevating team security maturity.
Continuous learning mindset; tracks emerging CVEs, supply chain risks, and platform updates.
This description is not exhaustive. Duties may evolve with organizational maturity, regulatory changes, or platform expansion.
Role emphasizes enablement – building paved roads and guardrails that accelerate (not obstruct) secure delivery.
Internal
CISO/CTO, Program/Product/Project Managers, Developers, HR, Compliance/Legal, Leadership, Help Desk
External
Security auditors, potential government customer representatives
Operates in a mixed ecosystem of custom code and low-code solutions with evolving requirements and constrained resources.
Balances rapid delivery pressures against risk reduction and audit readiness.
Must contextualize scanner outputs and translate them into prioritized, measurable remediation plans.
Provides technical mentorship, code / pipeline security reviews, and training sessions to developers.
Does not typically have formal direct reports initially but may evolve into a lead capacity as the function scales.
Standard enterprise workstation (Windows) with secured toolset
Azure Virtual Desktop (AVD)
Scripting / IDE tools (VS Code, PowerShell, Python)
Security scanning & monitoring platforms (Snyk and more)
Collaboration & documentation tools (Teams, SharePoint, ticketing systems)
Email: info@phoenix-group.com
Phone: (757) 228-1730
Address: 630C Woodlake Drive, Chesapeake VA 23320