All Jobs Vacancy

Security Engineer 3

Posted 3 days ago by Wise Equation Solutions Inc.

Summary: We are looking for a Senior SOC Security Engineer specializing in Application Security to enhance our cybersecurity team. This position involves supporting a 24x7x365 Security Operations Center with a focus on real-time threat detection and proactive application security. The role includes leading incident response, mentoring junior analysts, and collaborating with development teams to integrate security into the software development lifecycle. The ideal candidate will play a crucial role in shaping our security posture across operational and application layers.

Key Responsibilities:

  • Design and implement security controls for third-party software dependencies and open-source components
  • Monitor, detect, and respond to security incidents
  • Develop and execute vulnerability management strategies with emphasis on exploitability and reachability analysis
  • Conduct deep-dive investigations into Software supply chain Security (SSCS) threats, compromised dependencies, and malicious packages
  • Perform threat hunting for emerging attack vectors
  • Assess and mitigate risks associated with software dependencies across enterprise systems and applications
  • Lead incident response efforts for identity-based attacks and supply chain compromises
  • Develop detection use cases and threat models specific to SSCS attack vectors
  • Establish security practices for evaluating and vetting third-party packages and libraries
  • Collaborate with DevOps and engineering teams to integrate security into CI/CD pipelines
  • Perform vulnerability analysis on 3rd party CVE’s within the context and work with engineering teams to fix the vulnerability

Key Skills:

  • Bachelor's or master's degree in computer science, Cybersecurity, Information Systems, or a related technical field
  • Equivalent experience may be considered in lieu of formal education for exceptional candidates
  • 7+ years of experience in SOC operations and incident response
  • Desired Certifications such as CISSP, CASE, OSCP, CSSLP, or GIAC
  • Proficiency with SIEM & EDR Tools like Splunk, Sentinel, QRadar, CrowdStrike
  • Deep understanding of SSCS attack vectors (dependency confusion, compromised packages, malicious commits, backdoors)
  • Strong knowledge of package managers (npm, PyPI, Maven, NuGet, etc.) and their security implications
  • Hands-on experience with artifact repository management tools
  • Experience with Application Security Tools: SAST, DAST, and SCA tools (e.g., Veracode, Burp Suite, SonarQube)
  • Deep understanding of OWASP Top 10, SANS 25, and remediation techniques
  • Familiarity with AWS, Azure, or Google Cloud Platform security configurations and container security
  • Proficiency with software composition analysis (SCA) tools and vulnerability reachability concepts
  • Experience integrating security into CI/CD pipelines
  • Familiarity with DevSecOps principles
  • Strong analytical thinking and attention to detail
  • Excellent communication skills for cross-functional collaboration
  • Ability to mentor junior analysts and lead incident response efforts

Salary (Rate): £70,000 yearly

City: undetermined

Country: undetermined

Working Arrangements: remote

IR35 Status: undetermined

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:
Project Description
We are seeking a highly skilled Senior SOC Security Engineer with expertise in Application Security to join our dynamic cybersecurity team. This role requires flexibility to support our 24x7x365 Security Operations Center, including regular off-hours coverage.
This role is for Shift 3 (11pm-8am). This role blends real-time threat detection and response with proactive application security strategies to protect our digital assets and infrastructure.

As a senior member of the SOC, you will lead incident response efforts, mentor junior analysts, and collaborate with development teams to embed security into the software development lifecycle (SDLC). You’ll be instrumental in shaping our security posture across both operational and application layers.

Key Responsibilities
• Design and implement security controls for third-party software dependencies and open-source components
• Monitor, detect, and respond to security incidents
• Develop and execute vulnerability management strategies with emphasis on exploitability and reachability analysis
• Conduct deep-dive investigations into Software supply chain Security (SSCS) threats, compromised dependencies, and malicious packages
• Perform threat hunting for emerging attack vectors
• Assess and mitigate risks associated with software dependencies across enterprise systems and applications
• Lead incident response efforts for identity-based attacks and supply chain compromises
• Develop detection use cases and threat models specific to SSCS attack vectors
• Establish security practices for evaluating and vetting third-party packages and libraries
• Collaborate with DevOps and engineering teams to integrate security into CI/CD pipelines
• Perform vulnerability analysis on 3rd party CVE’s with in the *** context and work with engineering teams to fix the vulnerability.

Required Skills & Qualifications
· Bachelor''s or master''s degree in computer science, Cybersecurity, Information Systems, or a related technical field
· Equivalent experience may be considered in lieu of formal education for exceptional candidates
· 7+ years of experience in SOC operations and incident response
· Desired Certifications such as CISSP, CASE, OSCP, CSSLP, or GIAC

Technical Skills
· SIEM & EDR Tools: Proficiency with platforms like Splunk, Sentinel, QRadar, CrowdStrike
· Deep understanding of SSCS attack vectors (dependency confusion, compromised packages, malicious commits, backdoors)
· Strong knowledge of package managers (npm, PyPI, Maven, NuGet, etc.) and their security implications
· Hands-on experience with artifact repository management tools
· Application Security Tools: Experience with SAST, DAST, and SCA tools (e.g., Veracode, Burp Suite, SonarQube)
· Secure Coding Practices: Deep understanding of OWASP Top 10, SANS 25, and remediation techniques
· Cloud Security: Familiarity with AWS, Azure, or Google Cloud Platform security configurations and container security
· Proficiency with software composition analysis (SCA) tools and vulnerability reachability concepts
· Familiarity with cloud platforms (AWS, Azure, Google Cloud Platform) and container security
· Experience integrating security into CI/CD pipelines
· Familiarity with DevSecOps principles

Soft Skills & Leadership
· Strong analytical thinking and attention to detail
· Excellent communication skills for cross-functional collaboration
· Ability to mentor junior analysts and lead incident response efforts
Rate:
£0/year
Location:
Remote
IR35 Status:
Undetermined
Remote Status:
Remote
Industry:
IT
Seniority Level:
Not Specified

Take-Home Pay

Not Available

Visit calculators for additional details

Create a free account to view the take-home pay for this contract

Share job