Develops, maintains, and enhances secure cloud platform solutions in support of Business Cloud Services delivery. Performs hands-on security operations, automates repeatable security and governance processes, and coordinates remediation activities across Azure, GitHub Enterprise, and BCS-managed applications. Collaborates with BCS developers, architects, leadership, and Security teams to help ensure cloud solutions are designed, delivered, and operated securely. Supports shift-left security practices by providing practical, developer-friendly security guidance and helping teams identify, prioritize, and remediate security findings efficiently.

• Supports the implementation, operation, and continuous improvement of security controls for BCS-managed Azure resources and cloud platform services.
• Monitors, reviews, triages, and coordinates remediation of security findings from Microsoft Defender for Cloud and other approved security tools.
• Assists with security exception and exemption requests by gathering required technical details, validating business and technical context, and supporting approval workflows.
• Validates remediation actions, tracks closure of security findings, and helps ensure issues are resolved in alignment with approved security requirements and timelines.
• Implements and maintains Microsoft Entra ID security groups, app registrations, service principals, managed identities, and related identity and access configurations.
• Executes RBAC assignments and access changes in accordance with approved access models, least privilege principles, and operational requirements.
• Supports Microsoft Entra Privileged Identity Management role assignments, activations, reviews, and related privileged access processes.
• Assists with access reviews, audits, and compliance activities by validating access, configurations, and supporting evidence.
• Supports security controls within GitHub Enterprise, including repository-level security practices, access controls, and development workflow security.
• Assists with CI/CD security practices, including use of GitHub Advanced Security, secure pipeline configuration, and remediation of pipeline or repository security findings.
• Triage and track application, repository, and software supply chain security findings using Security-provided tools such as Legit Security, ArmorCode, or similar platforms.
• Works directly with BCS developers, architects, and engineering teams to coordinate remediation activities and resolve vulnerabilities with minimal disruption.
• Tracks vulnerabilities, ownership, remediation status, recurring issues, and blockers; escalates risks and trends to BCS leadership as appropriate.
• Automates repeatable security, governance, access, and remediation tasks using scripting, templates, tooling, and standard processes.
• Develops and maintains reusable security templates, patterns, and standards for identity and access configurations, CI/CD security controls, common remediation scenarios, and cloud security operations.
• Supports the use of AI-enabled solutions to improve security operations, visibility, triage, prioritization, and identification of recurring risk patterns.
• Partners with BCS engineering, development, and Security teams to ensure AI-enabled security solutions are used securely, responsibly, and in alignment with enterprise expectations.
• Serves as an operational contact for BCS security issues, including investigation support, technical information gathering, log collection, and coordination with appropriate stakeholders.
• Escalates security incidents, operational risks, remediation blockers, and recurring issues to BCS leadership and Security teams as needed.
• Provides practical, developer-friendly security guidance to support shift-left security practices and improve secure development behaviors across BCS teams.
• Documents security processes, platform configurations, remediation procedures, templates, and operational best practices.
• Other duties as assigned.

• Applies strong working knowledge of cloud security, Azure security services, Microsoft Entra ID, RBAC, privileged access management, GitHub Enterprise, CI/CD security, and DevSecOps practices.
• Develops solutions to complex operational and security challenges involving cloud resources, identity and access management, repository security, pipeline security, vulnerability remediation, and application security findings.
• Works independently on assigned security operations, remediation, automation, and platform support activities while using judgment to evaluate risks, prioritize issues, and recommend practical solutions.
• Collaborates across BCS engineering, development, architecture, leadership, and Security teams to coordinate remediation activities and improve the security posture of BCS-managed applications and cloud environments.
• May provide technical guidance and support to developers and engineering teams on secure configuration, remediation approaches, access models, CI/CD controls, and shift-left security practices.
• Contributes to the development and improvement of security standards, reusable templates, automation patterns, operational procedures, and best practices for BCS cloud and application environments.
• Identifies recurring security issues, operational inefficiencies, and risk patterns; recommends improvements to reduce manual effort, improve consistency, and strengthen security outcomes.
• Decisions and actions may impact cloud security posture, application risk, audit readiness, operational continuity, and the ability of BCS teams to deliver secure cloud solutions.

Typically 8+ years with bachelor's or equivalent.

Bachelor's degree or equivalent experience from which comparable knowledge and job skills can be obtained.

Typically requires experience supporting cloud environments, security operations, DevSecOps practices, platform engineering, application security, or related technology functions.

Experience should include hands-on work with Azure security, Microsoft Defender for Cloud, Microsoft Entra ID, RBAC, privileged access concepts, GitHub Enterprise, CI/CD pipelines, vulnerability remediation, and automation of operational or security tasks.

This role is focused on hands-on cloud security operations, remediation coordination, identity and access support, GitHub and CI/CD security, application and supply chain security, and security automation for BCS-managed environments.

The position is distinguished by its embedded role within the BCS engineering team and its close collaboration with developers, architects, leadership, and the Security team. Successful performance requires the ability to translate security findings into actionable remediation steps, support developers with practical guidance, and help strengthen security practices without creating unnecessary delivery friction.

The role requires strong familiarity with Azure security services, Microsoft Defender for Cloud, Microsoft Entra ID, RBAC, PIM, GitHub Enterprise, CI/CD security practices, and automation through scripts, templates, or tooling. Preferred experience includes GitHub Advanced Security, Legit Security, ArmorCode, AI-assisted operational approaches, and prior experience in a DevSecOps or cloud engineering environment.

Preferred certifications or training may include:

• Microsoft Azure security or administrator certification
• Microsoft identity and access management certification
• GitHub Advanced Security or GitHub Enterprise training
• Cloud security, DevSecOps, or application security certification
• Related certifications in cybersecurity, cloud engineering, or infrastructure automation