Key Facts

Remote From:

Maryland (USA)

Full time

Senior (5-10 years)

English

Hard Skills

Other Skills

•
Non-Verbal Communication
•
Leadership
•
Teamwork
•
Analytical Thinking
•
Detail Oriented
•
Mentorship
•
Problem Solving

Roles & Responsibilities

Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Systems, or a related technical field; equivalent professional experience may be considered in lieu of formal education
5+ years of experience in SOC operations, security monitoring, and incident response
Desirable certifications such as CISSP, CASE, OSCP, CSSLP, GIAC, or equivalent
Technical proficiency with SIEM/EDR tools and knowledge of software supply chain security, CI/CD security integration, and secure coding practices

Requirements:

Design and implement security controls for third-party software dependencies and open-source components
Monitor, detect, investigate, and respond to security incidents
Develop and execute vulnerability management strategies with emphasis on exploitability and reachability analysis
Conduct deep-dive investigations into software supply chain security threats, including compromised dependencies and malicious packages

ConsultNet

Hrtech: Human Resources + Technology

About ConsultNet

Since 1996, ConsultNet has empowered technology performance by providing startups, mid-size companies and large enterprises across North America with superior tech talent and solutions needed to innovate, compete and go farther. Dedicated to high-touch talent delivery and high-integrity partnerships, we enable technology initiatives and innovations through IT staffing services, project-based solutions and TechBridge, a TN visa solution for highly qualified talent from Mexico and Canada. With business in 45 states, ConsultNet has expertise in banking, financial services, communications and healthcare, and many other verticals. We provide IT talent in analysis, architecture and design; app development, infrastructure, systems development and support, technical and data center support; and more. Our impressive experience, deep relationships, extensive network and growing database make us a valuable resource for clients and consultants alike. In the last two years, we placed 1500 consultants and served 300 clients with contract, contract-to-hire and direct hire talent, and project-based teams. For our consultants, we provide unparalleled support, training, benefits and other perks that enrich job opportunities. Driven by our core values of teamwork, integrity and professionalism, ConsultNet prizes people and relationships and we have the industry recognition to prove it. We thrive in an empowering culture dedicated to exceeding expectations. That means routinely going farther to understand client needs, to develop custom solutions, to ensure the best fit and to drive exceptional success. Ultimately, resulting in remarkable retention, a stellar client satisfaction rate and multiple awards. Proud to be a strategic business partner for our clients and consultants, we are committed to advancing technology and generating business results. With a rich history and an ongoing commitment to innovation, we embrace ambition, pursue progress and enjoy momentum. We go farther.

Company type: SME

Industry: Hrtech: Human Resources + Technology

Founded: 2018

Company size: 201 - 500

Website LinkedIn See all jobs →

Job description

Title: Sr. SOC Engineer
Location : Remote
Target Start Date : ASAP
Type: contract
Pay Rate: DOE

About the Role

We are seeking a highly skilled Senior SOC Security Engineer with deep expertise in Application Security to join a dynamic cybersecurity team. This role requires flexibility to support a 24x7x365 Security Operations Center, including regular off-hours coverage.

The position blends real-time threat detection and incident response with proactive application security strategies to protect enterprise digital assets and infrastructure. As a senior member of the SOC, you will lead incident response efforts, mentor junior analysts, and collaborate closely with engineering teams to embed security throughout the software development lifecycle (SDLC).

Key Responsibilities

Design and implement security controls for third-party software dependencies and open-source components
Monitor, detect, investigate, and respond to security incidents
Develop and execute vulnerability management strategies with emphasis on exploitability and reachability analysis
Conduct deep-dive investigations into software supply chain security (SSCS) threats, including compromised dependencies and malicious packages
Perform proactive threat hunting for emerging attack vectors
Assess and mitigate risks associated with software dependencies across enterprise systems and applications
Lead incident response efforts related to identity-based attacks and supply chain compromises
Develop detection use cases and threat models specific to SSCS attack vectors
Establish security practices for evaluating, vetting, and approving third-party packages and libraries
Collaborate with DevOps and engineering teams to integrate security controls into CI/CD pipelines
Analyze third-party vulnerabilities (CVEs) in an enterprise context and partner with engineering teams on remediation efforts

Required Skills & Qualifications

Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Systems, or a related technical field
Equivalent professional experience may be considered in lieu of formal education
5+ years of experience in SOC operations, security monitoring, and incident response
Desired certifications include CISSP, CASE, OSCP, CSSLP, GIAC, or equivalent

Technical Skills

SIEM and EDR tools: Experience with platforms such as Splunk, Sentinel, QRadar, CrowdStrike, or similar
Strong understanding of software supply chain security attack vectors (e.g., dependency confusion, compromised packages, malicious commits, backdoors)
In-depth knowledge of package managers (npm, PyPI, Maven, NuGet, etc.) and associated security risks
Hands-on experience with artifact repository management tools
Application security tools: SAST, DAST, and SCA tools (e.g., Veracode, Burp Suite, SonarQube or equivalents)
Secure coding practices: Deep understanding of OWASP Top 10, SANS Top 25, and remediation techniques
Cloud security: Familiarity with AWS, Azure, or GCP security configurations and container security
Proficiency with software composition analysis (SCA) tools and vulnerability reachability concepts
Experience integrating security controls into CI/CD pipelines
Familiarity with DevSecOps principles and practices

Soft Skills & Leadership

Strong analytical and problem-solving skills with attention to detail
Excellent written and verbal communication skills for cross-functional collaboration
Proven ability to mentor junior analysts and lead incident response initiatives

Welcome to ConsultNet, a premier national provider of technology talent and solutions. Our expertise spans across project services, contract-to-hire, direct search, and managed services onshore, nearshore, and hybrid.
For over 25 years, we have connected thousands of consultants with meaningful roles through a personal, communication-driven approach, partnering with a diverse client base to build high-performing teams and create lasting impact.
Our comprehensive service offerings cover a wide range of technology and engineering positions across key markets nationwide. Learn more at www.consultnet.com .

We champion equality and inclusivity, proudly supporting an Equal Opportunity Employer policy. We welcome applicants regardless of Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other status protected by law.