ConsultNet Technology Services and Solutions is a premier national provider of technology talent and solutions. They are seeking a Senior SOC Security Engineer with a strong background in Application Security to join their 24x7 Security Operations Center, focusing on incident response, threat hunting, and enhancing application security practices.
Responsibilities:
- Monitor, investigate, and respond to security incidents across enterprise environments
- Lead incident response efforts for application, identity, and software supply chain security events
- Perform proactive threat hunting and develop new detection use cases for emerging threats
- Assess and remediate vulnerabilities, including exploitability and reachability analysis for third-party software and open-source dependencies
- Investigate software supply chain risks, compromised packages, malicious libraries, and dependency-related attacks
- Partner with engineering and DevOps teams to integrate security into CI/CD pipelines and development workflows
- Implement and improve security controls for third-party software, package repositories, and application dependencies
- Analyze CVEs and work with development teams to prioritize and remediate vulnerabilities
- Mentor junior security analysts and contribute to the continuous improvement of SOC processes and security operations
Requirements:
- Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related technical discipline (or equivalent experience)
- 7+ years of experience in Security Operations, Incident Response, or Application Security
- Experience working in a 24x7 SOC environment with off-hours support responsibilities
- Industry certifications such as CISSP, OSCP, CSSLP, GIAC, or similar are highly preferred
- SIEM and EDR platforms such as Splunk, Microsoft Sentinel, QRadar, or CrowdStrike
- Strong knowledge of application security, secure coding principles, and OWASP Top 10
- Experience with SAST, DAST, and Software Composition Analysis (SCA) tools
- Knowledge of software supply chain security, dependency management, and package ecosystems (npm, Maven, PyPI, NuGet, etc.)
- Experience with artifact repositories and vulnerability management
- Familiarity with DevSecOps practices and integrating security into CI/CD pipelines
- Cloud security experience within AWS, Azure, or GCP, including container security
- Strong understanding of threat detection, vulnerability management, and incident response methodologies
- Experience investigating software supply chain attacks and dependency compromise
- Familiarity with vulnerability reachability analysis and exploit prioritization
- Experience developing security detections, threat models, and automation
- Ability to mentor teammates and collaborate effectively across Security, Infrastructure, and Engineering organizations