Jobs via Dice is seeking an Expert SOC Security Engineer with deep expertise in Application Security to join their dynamic cybersecurity team. This role involves leading incident response efforts, mentoring junior analysts, and collaborating with development teams to enhance security in the software development lifecycle.
Responsibilities:
- Design and implement security controls for third-party software dependencies and open-source components
- Monitor, detect, and respond to security incidents
- Develop and execute vulnerability management strategies with emphasis on exploitability and reachability analysis
- Conduct deep-dive investigations into Software supply chain Security (SSCS) threats, compromised dependencies, and malicious packages
- Perform threat hunting for emerging attack vectors
- Assess and mitigate risks associated with software dependencies across enterprise systems and applications
- Lead incident response efforts for identity-based attacks and supply chain compromises
- Develop detection use cases and threat models specific to SSCS attack vectors
- Establish security practices for evaluating and vetting third-party packages and libraries
- Collaborate with DevOps and engineering teams to integrate security into CI/CD pipelines
- Perform vulnerability analysis on 3rd party CVE's and work with engineering teams to fix the vulnerability
Requirements:
- Bachelor's or master's degree in computer science, Cybersecurity, Information Systems, or a related technical field
- Equivalent experience may be considered in lieu of formal education for exceptional candidates
- 5+ years of experience in SOC operations and incident response
- Desired Certifications such as CISSP, CASE, OSCP, CSSLP, or GIAC
- Proficiency with platforms like Splunk, Sentinel, QRadar, CrowdStrike
- Deep understanding of SSCS attack vectors (dependency confusion, compromised packages, malicious commits, backdoors)
- Strong knowledge of package managers (npm, PyPI, Maven, NuGet, etc.) and their security implications
- Hands-on experience with artifact repository management tools
- Experience with SAST, DAST, and SCA tools (e.g., Veracode, Burp Suite, SonarQube)
- Deep understanding of OWASP Top 10, SANS 25, and remediation techniques
- Familiarity with AWS, Azure, or Google Cloud Platform security configurations and container security
- Proficiency with software composition analysis (SCA) tools and vulnerability reachability concepts
- Experience integrating security into CI/CD pipelines
- Familiarity with DevSecOps principles
- Strong analytical thinking and attention to detail
- Excellent communication skills for cross-functional collaboration
- Ability to mentor junior analysts and lead incident response efforts