SOC Engineer II

Industrial Electric Manufacturing
Remote

About The Position

We are seeking a highly capable SOC Engineer II who brings strong hands-on security operations center experience and a foundational skill set in Incident Response. This role will focus heavily on SOC Tier II analysis, threat detection, and response activities while also assisting in containment and remediation efforts alongside the Cyber Incident Response Team. In addition to direct operational responsibilities, this position is expected to ramp up quickly and later assist in training and mentoring a SOC Engineer I, helping build maturity and consistency across the SOC team. The ideal candidate will have a proven track record in network and log analysis, EDR investigation and response, and the ability to write and refine operational playbooks. Experience with SentinelOne EDR, Google Chronicle SIEM, and Microsoft cloud environments is strongly preferred. Prior exposure to cybersecurity considerations in electrical manufacturing, industrial control systems (ICS), or operational technology (OT) environments is a significant advantage.

Requirements

  • 3+ years of experience in Security Operations Center (SOC) or equivalent cybersecurity Engineer role.
  • Strong experience in:
      • Network traffic and protocol analysis (TCP/IP, DNS, HTTP/S, SMTP, etc.)
      • Log analysis across cloud, OS, and network systems
      • EDR investigation and remediation
      • Firewall fundamentals and policy review
      • Threat detection and investigation workflows
  • Hands-on experience with:
      • SentinelOne EDR (preferred) or similar (CrowdStrike, Carbon Black, etc.)
      • Google Chronicle SIEM (preferred) or similar SIEM platforms
      • Azure AD, Microsoft 365 security, and general Azure cloud services
  • Strong understanding of security frameworks and concepts:
      • MITRE ATT&CK
      • Cyber Kill Chain
      • Incident Response lifecycle
      • Common attacker TTPs
      • SOC 2, NIST CSF, ISO 27001
  • Ability to build and maintain SOC and IR playbooks, detection logic, and workflow documentation.
  • Strong understanding of threat hunting.
  • Strong analytical, investigative, and problem-solving abilities.
  • Ability to communicate effectively with technical and non-technical stakeholders.
  • Highly organized with strong attention to detail.
  • Ability to work in a fast-paced environment with evolving priorities.
  • Capable of balancing independent workload.
  • Strong team collaboration.

Nice To Haves

  • Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field (or equivalent practical experience).
  • Relevant certifications, such as:
      • CompTIA Security+
      • CompTIA Network+
      • CompTIA CySA+
      • Security Blue Team Level 1 (BTL1)
      • Microsoft Security certifications
      • SentinelOne-specific training/certifications
  • Experience in Electrical Manufacturing, Industrial Control Systems (ICS), or Operational Technology (OT) environments, including:
      • Understanding risks related to manufacturing systems and supply chain security
      • Familiarity with NERC CIP, IEC 62443, or similar industrial cybersecurity standards
      • Awareness of unique threat actors and attack vectors targeting manufacturing and electrical sectors
  • Familiarity with SOAR platforms, automation pipelines, and custom scripting (Python, PowerShell).
  • Understanding of how cybersecurity events may affect production systems, uptime, and safety.
  • Ability to coordinate with OT/ICS engineers during investigations involving plant-floor devices.
  • Knowledge of segmentation best practices between IT and OT networks.
  • Awareness of ransomware tactics targeting manufacturing operations.
  • Familiarity with asset inventory challenges in mixed IT/OT environments.

Responsibilities

  • Monitor, investigate, triage, and respond to security alerts generated from SIEM, EDR, firewalls, email security, cloud platforms, and other security tools.
  • Perform advanced network analysis, including packet capture review, flow analysis, and traffic anomaly detection.
  • Conduct log analysis across diverse systems (cloud, endpoint, network, identity, and applications).
  • Assist with EDR investigations and response actions using tools such as SentinelOne (preferred).
  • Analyze threats, malware behavior, and attack patterns to determine risk and recommend or implement remediation steps.
  • Collaborate with internal teams to improve detection rules, alerting logic, and data enrichment within Google Chronicle or other SIEM technologies.
  • Develop, maintain, and optimize SOC playbooks, runbooks, and escalation procedures.
  • Assist with SOC process improvements, automation opportunities, and overall operational efficiency.
  • Participate in the on-call rotation.
  • Support the Incident Response Team during major incidents, conducting forensic analysis, containment actions, and root cause investigations.
  • Assist with preparing incident timelines, evidence collection, and communication updates.
  • Participate in threat hunting activities to proactively identify anomalies and potential compromises.
  • Contribute to tabletop exercises, purple team engagements, and post-incident reviews.
  • Help strengthen organizational readiness through improved IR documentation and playbooks.
  • Participate in creating training materials, hands-on labs, and procedural documentation to elevate Tier I Engineer capabilities.
  • Provide constructive feedback on alert handling, investigative quality, and escalation practices.