- Embed security best practices into the SDLC/DevSecOps pipelines using Microsoft technologies (Azure DevOps, GitHub, Visual Studio, .NET).
- Perform threat modeling, design reviews, and code reviews to identify and mitigate security risks.
- Conduct application security assessments, penetration testing, and static/dynamic analysis (SAST/DAST) using Microsoft-native and third-party tools.
- Build and maintain automated security controls in CI/CD pipelines (e.g., Azure DevOps pipelines, GitHub Actions).
- Collaborate with developers to remediate vulnerabilities and promote secure coding practices in .NET, C#, and PowerShell.
- Partner with cloud engineers to ensure secure deployment in Microsoft Azure, including use of Azure Key Vault, Azure AD, Microsoft Entra ID, and Defender for Cloud.
- Drive adoption of security standards such as OWASP Top 10, NIST, and Microsoft Secure Development Lifecycle (SDL).
- Investigate security incidents involving applications and support root cause analysis.
- Develop training, documentation, and guidance to uplift application security awareness across development teams.
Requirements:
- Bachelor's degree in Computer Science, Cybersecurity, or a related field (or equivalent work experience).
- 3–5+ years of experience in application security, software development, or security engineering.
- Hands-on experience with Microsoft development tools: .NET, C#, Visual Studio, Azure DevOps, GitHub.
- Good knowledge of Azure cloud services, Power Platform, Dynamics 365, and their security features.
- Experience with application security testing tools (SAST, DAST, SCA, IaC scanning).
- Knowledge of identity and access management in Microsoft ecosystems (Azure AD / Entra ID, OAuth, OpenID Connect).
- Strong understanding of secure coding practices and common vulnerabilities (OWASP Top 10, CWE, etc.).
- Familiarity with Infrastructure as Code security (Terraform, Bicep, ARM templates).
- Knowledge of regulatory compliance standards (e.g., ISO 27001, PCI DSS, GDPR) preferred.