SIGN IN
SOC Engineer (Application Security) jobs in United States
info-icon
This job has closed.
company-logo

Jobs via Dice · 7 hours ago

SOC Engineer (Application Security)

positionUnited States
timeFull-time
remoteRemote
senioritySenior Level
money$75/hr - $85/hr
date5+ years exp
Jobs via Dice is seeking an Expert SOC Security Engineer with deep expertise in Application Security to join their dynamic cybersecurity team. This role involves leading incident response efforts, mentoring junior analysts, and collaborating with development teams to enhance security in the software development lifecycle.
Computer Software

Responsibilities

Design and implement security controls for third-party software dependencies and open-source components
Monitor, detect, and respond to security incidents
Develop and execute vulnerability management strategies with emphasis on exploitability and reachability analysis
Conduct deep-dive investigations into Software supply chain Security (SSCS) threats, compromised dependencies, and malicious packages
Perform threat hunting for emerging attack vectors
Assess and mitigate risks associated with software dependencies across enterprise systems and applications
Lead incident response efforts for identity-based attacks and supply chain compromises
Develop detection use cases and threat models specific to SSCS attack vectors
Establish security practices for evaluating and vetting third-party packages and libraries
Collaborate with DevOps and engineering teams to integrate security into CI/CD pipelines
Perform vulnerability analysis on 3rd party CVE's and work with engineering teams to fix the vulnerability

Qualification

Application SecurityIncident ResponseThreat HuntingVulnerability ManagementSIEM ToolsCloud SecuritySecure Coding PracticesSoftware Composition AnalysisAnalytical ThinkingCommunication SkillsMentoring

Required

Bachelor's or master's degree in computer science, Cybersecurity, Information Systems, or a related technical field
Equivalent experience may be considered in lieu of formal education for exceptional candidates
5+ years of experience in SOC operations and incident response
Desired Certifications such as CISSP, CASE, OSCP, CSSLP, or GIAC
Proficiency with platforms like Splunk, Sentinel, QRadar, CrowdStrike
Deep understanding of SSCS attack vectors (dependency confusion, compromised packages, malicious commits, backdoors)
Strong knowledge of package managers (npm, PyPI, Maven, NuGet, etc.) and their security implications
Hands-on experience with artifact repository management tools
Experience with SAST, DAST, and SCA tools (e.g., Veracode, Burp Suite, SonarQube)
Deep understanding of OWASP Top 10, SANS 25, and remediation techniques
Familiarity with AWS, Azure, or Google Cloud Platform security configurations and container security
Proficiency with software composition analysis (SCA) tools and vulnerability reachability concepts
Experience integrating security into CI/CD pipelines
Familiarity with DevSecOps principles
Strong analytical thinking and attention to detail
Excellent communication skills for cross-functional collaboration
Ability to mentor junior analysts and lead incident response efforts

Benefits

Medical, dental & vision
Critical Illness, Accident, and Hospital
401(k) Retirement Plan - Pre-tax and Roth post-tax contributions available
Life Insurance (Voluntary Life & AD&D for the employee and dependents)
Short and long-term disability
Health Spending Account (HSA)
Transportation benefits
Employee Assistance Program
Time Off/Leave (PTO, Vacation or Sick Leave)

Company

Jobs via Dice

twitter
company-logo
Welcome to Jobs via Dice, the go-to destination for discovering the tech jobs you want.
people-size0-1 employees
web-link
https://www.dice.com

Funding

Current Stage
Early Stage
Company data provided by crunchbase