Sr. SOC Engineer
Remote in Remote (EST Hours), MD, US • Posted 18 days ago • Updated 10 hours agoContract W2
On-site
Software Guidance & Assistance
Fitment
Dice Job Match Score™
📊 Calculating match score...
Job Details
Skills
- Security Operations
- Real-time
- Software Development
- Software Development Methodology
- Security Controls
- Open Source
- Vulnerability Management
- Supply Chain Management
- Use Cases
- DevOps
- Vulnerability Assessment
- Computer Science
- Cyber Security
- Information Systems
- System On A Chip
- CISSP
- OSCP
- SIEM
- Splunk
- IBM QRadar
- Apache Maven
- NuGet
- Management
- Software Security
- Burp Suite
- OWASP
- SANS
- Cloud Security
- SCA
- Cloud Computing
- Amazon Web Services
- Microsoft Azure
- Google Cloud Platform
- Google Cloud
- Continuous Integration
- Continuous Delivery
- DevSecOps
- Soft Skills
- Leadership
- Analytical Skill
- Attention To Detail
- Communication
- Collaboration
- Mentorship
- Incident Management
- MEAN Stack
- Customer Service
- Training And Development
- SAP BASIS
Summary
Software Guidance & Assistance, Inc., (SGA), is searching for an Sr. SOC Engineer for a Contract assignment with one of our premier Regulatory clients .
About the Role
We are seeking a highly skilled Senior SOC Security Engineer with deep expertise in Application Security to join our dynamic cybersecurity team.
This role requires flexibility to support our 24x7x365 Security Operations Center, including regular off-hours coverage.
This role blends real-time threat detection and response with proactive application security strategies to protect our digital assets and infrastructure.
As a senior member of the SOC, you will lead incident response efforts, mentor junior analysts, and collaborate with development teams to embed security into the software development lifecycle (SDLC). You'll be instrumental in shaping our security posture across both operational and application layers.
Key Responsibilities
Design and implement security controls for third-party software dependencies and open-source components
Monitor, detect, and respond to security incidents
Develop and execute vulnerability management strategies with emphasis on exploitability and reachability analysis
Conduct deep-dive investigations into Software supply chain Security (SSCS) threats, compromised dependencies, and malicious packages
Perform threat hunting for emerging attack vectors
Assess and mitigate risks associated with software dependencies across enterprise systems and applications
Lead incident response efforts for identity-based attacks and supply chain compromises
Develop detection use cases and threat models specific to SSCS attack vectors
Establish security practices for evaluating and vetting third-party packages and libraries
Collaborate with DevOps and engineering teams to integrate security into CI/CD pipelines
Perform vulnerability analysis on 3rd party CVE's with in the firm context and work with engineering teams to fix the vulnerability.
Required Skills & Qualifications
Bachelor's or master's degree in computer science, Cybersecurity, Information Systems, or a related technical field
Equivalent experience may be considered in lieu of formal education for exceptional candidates
5+ years of experience in SOC operations and incident response
Desired Certifications such as CISSP, CASE, OSCP, CSSLP, or GIAC
Technical Skills
SIEM & EDR Tools: Proficiency with platforms like Splunk, Sentinel, QRadar, CrowdStrike
Deep understanding of SSCS attack vectors (dependency confusion, compromised packages, malicious commits, backdoors)
Strong knowledge of package managers (npm, PyPI, Maven, NuGet, etc.) and their security implications
Hands-on experience with artifact repository management tools
Application Security Tools: Experience with SAST, DAST, and SCA tools (e.g., Veracode, Burp Suite, SonarQube)
Secure Coding Practices: Deep understanding of OWASP Top 10, SANS 25, and remediation techniques
Cloud Security: Familiarity with AWS, Azure, or Google Cloud Platform security configurations and container security
Proficiency with software composition analysis (SCA) tools and vulnerability reachability concepts
Familiarity with cloud platforms (AWS, Azure, Google Cloud Platform) and container security
Experience integrating security into CI/CD pipelines
Familiarity with DevSecOps principles
Soft Skills & Leadership
Strong analytical thinking and attention to detail
Excellent communication skills for cross-functional collaboration
Ability to mentor junior analysts and lead incident response efforts
SGA is a technology and resource solutions provider driven to stand out. We are a women-owned business. Our mission: to solve big IT problems with a more personal, boutique approach. Each year, we match consultants like you to more than 1,000 engagements. When we say let's work better together, we mean it. You'll join a diverse team built on these core values: customer service, employee development, and quality and integrity in everything we do. Be yourself, love what you do and find your passion at work. Please find us at .
SGA is an Equal Opportunity Employer and does not discriminate on the basis of Race, Color, Sex, Sexual Orientation, Gender Identity, Religion, National Origin, Disability, Veteran Status, Age, Marital Status, Pregnancy, Genetic Information, or Other Legally Protected Status. We are committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, and our services, programs, and activities. Please visit our company to request an accommodation or assistance regarding our policy.
About the Role
We are seeking a highly skilled Senior SOC Security Engineer with deep expertise in Application Security to join our dynamic cybersecurity team.
This role requires flexibility to support our 24x7x365 Security Operations Center, including regular off-hours coverage.
This role blends real-time threat detection and response with proactive application security strategies to protect our digital assets and infrastructure.
As a senior member of the SOC, you will lead incident response efforts, mentor junior analysts, and collaborate with development teams to embed security into the software development lifecycle (SDLC). You'll be instrumental in shaping our security posture across both operational and application layers.
Key Responsibilities
Design and implement security controls for third-party software dependencies and open-source components
Monitor, detect, and respond to security incidents
Develop and execute vulnerability management strategies with emphasis on exploitability and reachability analysis
Conduct deep-dive investigations into Software supply chain Security (SSCS) threats, compromised dependencies, and malicious packages
Perform threat hunting for emerging attack vectors
Assess and mitigate risks associated with software dependencies across enterprise systems and applications
Lead incident response efforts for identity-based attacks and supply chain compromises
Develop detection use cases and threat models specific to SSCS attack vectors
Establish security practices for evaluating and vetting third-party packages and libraries
Collaborate with DevOps and engineering teams to integrate security into CI/CD pipelines
Perform vulnerability analysis on 3rd party CVE's with in the firm context and work with engineering teams to fix the vulnerability.
Required Skills & Qualifications
Bachelor's or master's degree in computer science, Cybersecurity, Information Systems, or a related technical field
Equivalent experience may be considered in lieu of formal education for exceptional candidates
5+ years of experience in SOC operations and incident response
Desired Certifications such as CISSP, CASE, OSCP, CSSLP, or GIAC
Technical Skills
SIEM & EDR Tools: Proficiency with platforms like Splunk, Sentinel, QRadar, CrowdStrike
Deep understanding of SSCS attack vectors (dependency confusion, compromised packages, malicious commits, backdoors)
Strong knowledge of package managers (npm, PyPI, Maven, NuGet, etc.) and their security implications
Hands-on experience with artifact repository management tools
Application Security Tools: Experience with SAST, DAST, and SCA tools (e.g., Veracode, Burp Suite, SonarQube)
Secure Coding Practices: Deep understanding of OWASP Top 10, SANS 25, and remediation techniques
Cloud Security: Familiarity with AWS, Azure, or Google Cloud Platform security configurations and container security
Proficiency with software composition analysis (SCA) tools and vulnerability reachability concepts
Familiarity with cloud platforms (AWS, Azure, Google Cloud Platform) and container security
Experience integrating security into CI/CD pipelines
Familiarity with DevSecOps principles
Soft Skills & Leadership
Strong analytical thinking and attention to detail
Excellent communication skills for cross-functional collaboration
Ability to mentor junior analysts and lead incident response efforts
SGA is a technology and resource solutions provider driven to stand out. We are a women-owned business. Our mission: to solve big IT problems with a more personal, boutique approach. Each year, we match consultants like you to more than 1,000 engagements. When we say let's work better together, we mean it. You'll join a diverse team built on these core values: customer service, employee development, and quality and integrity in everything we do. Be yourself, love what you do and find your passion at work. Please find us at .
SGA is an Equal Opportunity Employer and does not discriminate on the basis of Race, Color, Sex, Sexual Orientation, Gender Identity, Religion, National Origin, Disability, Veteran Status, Age, Marital Status, Pregnancy, Genetic Information, or Other Legally Protected Status. We are committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, and our services, programs, and activities. Please visit our company to request an accommodation or assistance regarding our policy.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
- Dice Id: sgainc
- Position Id: 26-00167
- Posted 18 days ago
Company Info
About Software Guidance & Assistance
Founded in 1981, SGA is a technology and resource solutions provider with a national footprint and headquartered in the shadow of Wall Street. We’re a certified women-owned business. We provide contingent staffing, direct placement, and professional and managed services to transform businesses and evolve careers. We’re small enough to tailor our services to each client and big enough to deliver for some of the world’s largest employers. Our professionals are experts in areas such as IT, finance, accounting, risk, and clinical.
SGA provides contingent staffing, direct placement, and professional and managed services nationwide for Fortune 500 companies, mid-size businesses and select startups.
Our core skillsets include all areas of technology – business & data analysis, cyber & network security, database administration, development & architecture, infrastructure, program & project management, quality assurance & testing. We also deliver talent across professional business functions such as finance, accounting, risk, and clinical.
Our Professional & Managed Services team delivers IT projects through onshore, offshore and hybrid delivery models. We develop software products, modernize applications, add features, and integrate and maintain systems. Our scope covers, among others, complex application suites, data management and visualizations, machine learning and mobile applications.
Create job alert
Never miss an opportunity! Create an alert based on the job you applied for.Similar Jobs
It looks like there aren't any Similar Jobs for this job yet.
Search all similar jobs