SOC Engineer II

Description

Primary responsibilities include monitoring, investigating, triaging, and responding to alerts from SIEM, EDR, firewalls, email security, and cloud platforms. The engineer will perform advanced network analysis, packet‑capture review, flow analysis, and log analysis across cloud, endpoint, network, identity, and applications, and will develop and refine detection rules, playbooks, and automation opportunities.

Secondary duties involve supporting major incidents with forensic analysis, containment, and root‑cause investigations, preparing incident timelines, and contributing to threat‑hunting, tabletop exercises, and post‑incident reviews. The role also includes creating training materials, hands‑on labs, and providing feedback to improve Tier I alert handling.

• Monitor, triage, and respond to security alerts from SIEM, EDR, firewalls, email, and cloud platforms.
• Perform advanced network analysis, including packet capture review and traffic anomaly detection.
• Conduct comprehensive log analysis across cloud, endpoint, network, identity, and application systems.
• Lead investigations using SentinelOne EDR and Google Chronicle SIEM; develop and refine detection rules.
• Create, maintain, and optimize SOC playbooks, runbooks, and escalation procedures; automate processes where possible.
• Participate in on‑call rotation and support the Incident Response team with containment, forensics, and root‑cause analysis.
• Conduct threat hunting, tabletop exercises, and post‑incident reviews to improve security posture.
• Mentor and train SOC Engineer I, developing training labs and procedural documentation.

Requirements

IEM seeks a SOC Engineer II with strong hands‑on experience in security operations and a solid foundation in Incident Response. The role emphasizes Tier II analysis, threat detection, and response while supporting containment and remediation alongside the Cyber Incident Response Team. The engineer will also mentor a SOC Engineer I to build team maturity.

Candidates need at least three years of SOC or equivalent cybersecurity experience, strong network protocol and log analysis skills, and hands‑on expertise with SentinelOne EDR and Google Chronicle SIEM. Familiarity with Azure AD, Microsoft 365 security, MITRE ATT&CK, NIST, ISO 27001, and SOC2 frameworks is required, along with strong analytical, communication, and organizational abilities.

Preferred qualifications include a bachelor's degree in cybersecurity or a related field, relevant certifications such as CompTIA Security+, CySA+, Microsoft security, and SentinelOne training, and experience in electrical manufacturing, industrial control systems, or OT environments. Knowledge of NERC CIP, IEC 62443, SOAR platforms, and scripting in Python or PowerShell is advantageous.

The position is fully remote with up to 10% travel to IEM facilities, supplier sites, audits, or conferences, and is not open to applicants residing in California.

• Possess 3+ years of SOC experience with strong network protocol, firewall, and EDR investigation skills.
• Experience with SentinelOne, Google Chronicle, Azure AD, Microsoft 365, and security frameworks (MITRE ATT&CK, NIST, ISO 27001).
• Hold relevant certifications (CompTIA Security+, CySA+, Microsoft security, SentinelOne) and a degree in cybersecurity or related field.
• Familiarity with industrial control systems, OT environments, and standards such as NERC CIP and IEC 62443.
• Ability to script automation in Python or PowerShell and work with SOAR platforms.
• Remote role with up to 10% travel; not open to California residents.

Benefits

IEM offers a comprehensive benefits package, a collaborative engineering culture, and a commitment to non‑discrimination and privacy. Candidates are warned to beware of recruiting scams; IEM never charges fees and all official communications come from an @iemfg.com address.

Training + Development

Interview process

Visa Sponsorship

Security clearance