Full Stack Cybersecurity Engineer II

BAM is a dynamic multi-disciplinary firm with leading-edge skills in information technology software development and applied research. Serving government and commercial markets BAM is committed to its customers and to delivering strong leadership sound solutions and innovative thinking.

BAM is seeking a Full Stack Cybersecurity Engineer II to join its team. The Full Stack Cybersecurity Engineer II will play a pivotal role in building secure scalable applications that protect critical systems and data. This mid-level position blends full stack development expertise with a strong cybersecurity focus ensuring our platforms remain resilient against evolving threats. Collaborating across IT DevOps and compliance teams youll help shape secure system design and strengthen our organizations overall security posture.

Key Responsibilities:

• Develop and maintain full-stack applications using modern frameworks (e.g. ).
• Design and implement cloud-native solutions on platforms such as AWS Azure or Google Cloud.
• Collaborate with scrum team members to deliver intuitive and responsive user interfaces.
• Build and manage RESTful APIs and microservices.
• Implement and maintain secure CI/CD pipelines with automated security testing and policy enforcement.
• Ensure application security scalability and performance.
• Troubleshoot and resolve technical issues across the stack.
• Participate in code reviews and contribute to best practices and standards.
• Document system architecture workflows and development processes.
  Design implement and manage application security solutions including SAST/DAST/IAST tools dependency scanning container security and security orchestration platforms.
• Conduct application security assessments and code reviews.
• Support incident response activities for application security events including investigation containment and recovery.
• Develop and maintain secure coding standards and DevSecOps policies
• Collaborate with development and infrastructure teams to ensure secure application configurations and deployment practices.
• Assist in compliance efforts for standards such as RMF NIST SP 800-53 and CMMC as they relate to application security.
• Participate in threat modeling security architecture reviews and secure design sessions.
• Stay current with emerging application threats vulnerabilities and secure development practices.

Required Qualifications:

• Bachelors degree in Cybersecurity Computer Science Information Technology or a related field.
• 5 years of experience in full-stack development.
• Proficiency in front-end technologies (HTML CSS JavaScript Angular).
• Experience with back-end development (.NET Python).
• 5 years of experience in application security engineering or DevSecOps roles.
• Hands-on experience with application security tools and platforms (e.g. Veracode Checkmarx SonarQube Snyk Aqua Security).
• Strong understanding of secure software development lifecycle (SDLC) application security principles and container security.
• Familiarity with security frameworks and compliance standards (e.g. NIST ISO CIS) and their application to software development.
• Excellent analytical and problem-solving skills with a focus on application-layer security.

Preferred Qualifications:

• Certifications such as CISSP CSSLP Security or GIAC (GWEB GWAPT).
• Experience with cloud security (AWS Azure GCP) and cloud-native application security.
• Experience with serverless architectures and event-driven design.
• Deep knowledge of DevSecOps practices CI/CD security and infrastructure as code security.
• Experience in government contracting or regulated industries with secure development requirements.
• Familiarity with scripting languages (e.g. Python PowerShell) for automation.

This is a remote role.
SBIR