Senior SOC Security Engineer - Appsec

Job Title: Senior SOC Security Engineer- Application Security Focus
Department: Security Operations Center (SOC)

About the Role
We are seeking a highly skilled Senior SOC Security Engineer with deep expertise in Application Security to join our dynamic cybersecurity team. This role blends real-time threat detection and response with proactive application security strategies to protect our digital assets and infrastructure.

As a senior member of the SOC, you will lead incident response efforts, mentor junior analysts, and collaborate with development teams to embed security into the software development lifecycle (SDLC). You'll be instrumental in shaping our security posture across both operational and application layers.

Key Responsibilities

• Monitor, detect, and respond to security incidents using SIEM and EDR tools
• Conduct deep-dive investigations into complex threats and vulnerabilities
• Perform threat hunting and develop detection use cases for emerging attack vectors
• Collaborate with DevOps and engineering teams to integrate security into CI/CD pipelines
• Conduct code reviews and static/dynamic analysis to identify application vulnerabilities
• Lead application threat modeling and risk assessments
• Develop and maintain playbooks for incident response and application security testing
• Mentor SOC analysts and contribute to continuous improvement of SOC processes
• Stay current with threat intelligence, zero-days, and security trends

Required Skills & Qualifications

• Bachelor's or Master's degree in computer science, Cybersecurity, Information Systems, or a related technical field
• Equivalent experience may be considered in lieu of formal education for exceptional candidates
• 5+ years of experience in SOC operations and incident response
• Desired Certifications such as CISSP, CASE, OSCP, CSSLP, or GIAC

Technical Skills

• SIEM & EDR Tools: Proficiency with platforms like Splunk, Sentinel, QRadar, CrowdStrike
• Application Security Tools: Experience with SAST, DAST, and SCA tools (e.g., Veracode, Burp Suite, SonarQube)
• Secure Coding Practices: Deep understanding of OWASP Top 10, SANS 25, and remediation techniques
• Cloud Security: Familiarity with AWS, Azure, or Google Cloud Platform security configurations and container security
• Threat Modeling & Vulnerability Management: Ability to assess risks and guide mitigation strategies
• Familiarity with cloud platforms (AWS, Azure, Google Cloud Platform) and container security
• Experience integrating security into CI/CD pipelines
• Familiarity with DevSecOps principles

Soft Skills & Leadership

• Strong analytical thinking and attention to detail
• Excellent communication skills for cross-functional collaboration
• Ability to mentor junior analysts and lead incident response efforts

#LI-BB1
#DICE

#Hybrid