Cybersecurity Engineer II

Cybersecurity Engineer II

BAM is a dynamic, multi-disciplinary firm with leading-edge skills in information technology, software development and applied research. Serving government and commercial markets, BAM is committed to its customers and to delivering strong leadership, sound solutions, and innovative thinking.

BAM is seeking a Cybersecurity Engineer II to join its team. The Cybersecurity Engineer II is a mid-level technical role responsible for implementing, maintaining, and enhancing security measures to protect organizational systems, networks, and data. This role focuses on threat detection, vulnerability management, incident response, and secure system design. The engineer collaborates with IT, DevOps, and compliance teams to ensure that security controls are effective, scalable, and aligned with regulatory requirements and industry best practices.

Key Responsibilities:

• Design, implement, and manage application security solutions including SAST/DAST/IAST tools, dependency scanning, container security, and security orchestration platforms.
• Conduct application security assessments, code reviews, and penetration testing; coordinate remediation efforts with development teams.
• Implement and maintain secure CI/CD pipelines with automated security testing and policy enforcement.
• Support incident response activities for application security events, including investigation, containment, and recovery.
• Develop and maintain secure coding standards, DevSecOps policies, and technical documentation.
• Collaborate with development and infrastructure teams to ensure secure application configurations and deployment practices.
• Assist in compliance efforts for standards such as RMF, NIST SP 800-53, and CMMC as they relate to application security.
• Participate in threat modeling, security architecture reviews, and secure design sessions.
• Stay current with emerging application threats, vulnerabilities, and secure development practices.

Required Qualifications:

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field.
• 5+ years of experience in application security engineering or DevSecOps roles.
• Hands-on experience with application security tools and platforms (e.g., Veracode, Checkmarx, SonarQube, Snyk, Aqua Security).
• Strong understanding of secure software development lifecycle (SDLC), application security principles, and container security.
• Familiarity with security frameworks and compliance standards (e.g., NIST, ISO, CIS) and their application to software development.
• Excellent analytical and problem-solving skills with a focus on application-layer security.

Preferred Qualifications:

• Certifications such as CISSP, CSSLP, Security+, or GIAC (GWEB, GWAPT).
• Experience with cloud security (AWS, Azure, GCP) and cloud-native application security.
• Deep knowledge of DevSecOps practices, CI/CD security, and infrastructure as code security.
• Experience in government contracting or regulated industries with secure development requirements.
• Familiarity with scripting languages (e.g., Python, PowerShell) for automation.

This is a remote role.
SBIR