Job description

Cyber Software Engineer - Incident Response (Contract) Location: Hybrid - 1 day/week onsite in Seattle, WA Duration: 6-month renewable contract Experience Level: 4+ years Pay: 75 $/hr - 95 $/hr About the Role We're seeking a Cyber Software Engineer to join our client's Incident Response & Security Engineering team. You'll design, develop, and test secure software and systems that enable rapid detection, response, and recovery from cybersecurity events. This role bridges incident response and secure software engineering, embedding security practices throughout the software development lifecycle (SDLC). You'll work closely with incident responders, threat analysts, and DevSecOps engineers to automate response workflows, enhance detection tools, and strengthen the organization's security posture. Key Responsibilities • Design, build, and maintain custom tools and platforms supporting cybersecurity operations and incident response. • Integrate security controls and automation into CI/CD pipelines and the full SDLC. • Develop and test software that collects, processes, and analyzes security telemetry (e.g., from SIEM, EDR, or cloud logs). • Collaborate with IR and SOC teams to translate incident patterns into detection and response logic. • Conduct code reviews and threat modeling to ensure security is considered from design to deployment. • Contribute to post-incident engineering by implementing durable fixes and automating recurring mitigation tasks. • Document designs, code, and procedures to meet compliance and audit requirements. Required Qualifications • 4+ years of professional experience in software engineering or DevSecOps. • Strong programming skills in Python, Go, or Java (Python preferred). • Experience building or maintaining security automation, detection, or response tools. • Familiarity with cloud environments (AWS, Azure, or GCP) and secure cloud architectures. • Working knowledge of incident response processes, including triage, containment, and remediation. • Understanding of secure coding practices, vulnerability management, and CI/CD security. • Solid grasp of networking, logging, and security telemetry (Syslog, CloudWatch, Splunk, etc.). Preferred Qualifications • Experience developing software in AWS environments (Lambda, S3, ECS, DynamoDB). • Background with infrastructure-as-code (Terraform, CloudFormation). • Exposure to forensics, malware analysis, or threat hunting tools and data. • Familiarity with container security (Docker, Kubernetes). • Security certifications such as GCIH, GCFA, OSCP, AWS Certified Security, or equivalent. GCS is acting as an Employment Business in relation to this vacancy.

Requirements