Senior SSDLC Security Consultant (2-Month Contract)- job post

Job Description

United States•Remote

Contract

Job details

Job type

• Contract

Full job description

This is a remote position.

Position Overview

MBC Technology Group (MBCTG) is seeking a motivated and detail-oriented GRC Analyst to support a private-sector client engaged in modern full-stack application development on Microsoft Azure.

This role focuses on integrating security governance, risk management, and compliance practices into the software development lifecycle to ensure applications are designed, built, and deployed securely.

The GRC Analyst will work closely with software engineers, DevOps teams, and security architects to ensure that development practices align with secure coding standards, cloud security requirements, and industry frameworks.

Key Responsibilities

• Support the development and implementation of Secure Software Development Lifecycle (SSDLC) practices across full-stack development projects.
• Collaborate with software engineers, DevOps teams, and architects to embed security and compliance requirements into development workflows.
• Assist in implementing security controls aligned with frameworks such as NIST SSDF, NIST CSF, and OWASP best practices.
• Participate in secure design reviews, architecture discussions, and threat modeling sessions for applications hosted on Microsoft Azure.
• Assist with documenting and maintaining secure coding standards and application security policies.
• Identify and track security risks related to application development, cloud infrastructure, and third-party components.
• Maintain risk registers, control mappings, and compliance documentation for SSDLC processes.
• Support vulnerability management by helping track remediation activities for issues discovered during code scanning, penetration testing, or security reviews.
• Assist with the implementation and monitoring of Azure security services and controls, including Azure Defender, Azure Policy, and identity management controls.
• Prepare documentation and evidence for security assessments, internal audits, and client compliance reviews.
• Track and report security metrics for development teams, including vulnerability remediation timelines and SSDLC maturity.

Requirements

Experience:

• SDLC: 2 years (Required)
• DevOps: 2 years (Preferred)
• NIST standards: 2 years (Preferred)
• ISO 27001: 2 years (Preferred)

Minimum Qualifications

• 2+ years of experience in cybersecurity, GRC, or application security.
• Understanding of Secure Software Development Lifecycle (SSDLC) and DevSecOps practices.
• Familiarity with application security principles, including common vulnerabilities (OWASP Top 10).
• Basic understanding of cloud security concepts, preferably in Microsoft Azure environments.
• Strong documentation, communication, and cross-team collaboration skills.

Preferred Qualifications

• Bachelor’s degree in Information Security, Computer Science, Software Engineering, or a related field.
• Experience working with software development teams or CI/CD pipelines.
• Familiarity with Azure DevOps, GitHub, or other CI/CD platforms.
• Knowledge of security testing tools such as Snyk, Checkmarx, Veracode, or SonarQube.
• Understanding of threat modeling methodologies (e.g., STRIDE).
• Security certifications such as Security+, AZ-500, CSSLP, or working toward CISSP or CISA.

Location requirement: Candidates must be currently based in the US or Canada and authorized to work as a contractor in that region.

Benefits

• Work with a modern full-stack development environment hosted on Microsoft Azure.
• Collaborate with experienced developers, architects, and cybersecurity professionals.
• Gain hands-on experience implementing secure development practices in enterprise cloud environments.
• Exposure to clients across healthcare, finance, government, and education sectors.
• Opportunities for professional growth and cybersecurity certification support.

Work Location: Remote