SOC Engineer II

Remote

Job Description

About IEM

Industrial Electric Mfg. (IEM) is the largest independent full-line manufacturer of custom power distribution systems in North America. Founded more than 75 years ago in Fremont, California, IEM grew alongside Silicon Valley and today operates over 1.7 million square feet of manufacturing capacity. With $1B+ in annual sales and 10,000+ commissioned projects across technology, data centers, commercial, energy, utilities, healthcare, industrial, and infrastructure markets, IEM continues to deliver exceptional product quality, dependable service, and the flexibility to meet complex technical requirements at scale.

Position Summary

We are seeking a highly capable SOC Engineer II who brings strong hands-on security operations center experience and a foundational skill set in Incident Response. This role will focus heavily on SOC Tier II analysis, threat detection, and response activities while also assisting in containment and remediation efforts alongside the Cyber Incident Response Team.

In addition to direct operational responsibilities, this position is expected to ramp up quickly and later assist in training and mentoring a SOC Engineer I, helping build maturity and consistency across the SOC team.

Ideal Candidate Profile

The ideal candidate will have a proven track record in network and log analysis, EDR investigation and response, and the ability to write and refine operational playbooks. Experience with SentinelOne EDR, Google Chronicle SIEM, and Microsoft cloud environments is strongly preferred. Prior exposure to cybersecurity considerations in electrical manufacturing, industrial control systems (ICS), or operational technology (OT) environments is a significant advantage.

Key Responsibilities

Security Operations (Primary Responsibilities)

  • Monitor, investigate, triage, and respond to security alerts generated from SIEM, EDR, firewalls, email security, cloud platforms, and other security tools.
  • Perform advanced network analysis, including packet capture review, flow analysis, and traffic anomaly detection.
  • Conduct log analysis across diverse systems (cloud, endpoint, network, identity, and applications).
  • Assist with EDR investigations and response actions using tools such as SentinelOne (preferred).
  • Analyze threats, malware behavior, and attack patterns to determine risk and recommend or implement remediation steps.
  • Collaborate with internal teams to improve detection rules, alerting logic, and data enrichment within Google Chronicle or other SIEM technologies.
  • Develop, maintain, and optimize SOC playbooks, runbooks, and escalation procedures.
  • Assist with SOC process improvements, automation opportunities, and overall operational efficiency.
  • Participate in the on-call rotation.

Incident Response (Secondary Responsibilities)

  • Support the Incident Response Team during major incidents, conducting forensic analysis, containment actions, and root cause investigations.
  • Assist with preparing incident timelines, evidence collection, and communication updates.
  • Participate in threat hunting activities to proactively identify anomalies and potential compromises.
  • Contribute to tabletop exercises, purple team engagements, and post-incident reviews.
  • Help strengthen organizational readiness through improved IR documentation and playbooks.

Training & Mentorship

  • Participate in creating training materials, hands-on labs, and procedural documentation to elevate Tier I Engineer capabilities.
  • Provide constructive feedback on alert handling, investigative quality, and escalation practices.

Supervision

This role does not directly supervise others; it is expected to identify gaps and remediate security concerns on its own initiative.

Qualifications

Technical Skills

  • 3+ years of experience in a Security Operations Center (SOC) or equivalent cybersecurity engineering role.
  • Strong experience in:
    • Network traffic and protocol analysis (TCP/IP, DNS, HTTP/S, SMTP, etc.)
    • Log analysis across cloud, OS, and network systems
    • EDR investigation and remediation
    • Firewall fundamentals and policy review
    • Threat detection and investigation workflows

Hands-on Experience With

  • SentinelOne EDR (preferred) or similar (CrowdStrike, Carbon Black, etc.)
  • Google Chronicle SIEM (preferred) or similar SIEM platforms
  • Azure AD (now Microsoft Entra ID), Microsoft 365 security, and general Azure cloud services

Strong Understanding Of Security Frameworks And Concepts

  • MITRE ATT&CK
  • Cyber Kill Chain
  • Incident Response lifecycle
  • Common attacker TTPs
  • SOC 2, NIST CSF, ISO 27001
  • Ability to build and maintain SOC and IR playbooks, detection logic, and workflow documentation
  • Strong understanding of threat hunting methodology

Soft Skills

  • Strong analytical, investigative, and problem-solving abilities.
  • Ability to communicate effectively with technical and non-technical stakeholders.
  • Highly organized with strong attention to detail.
  • Ability to work in a fast-paced environment with evolving priorities.
  • Capable of managing an independent workload.
  • Strong team collaboration.

Preferred Experience

  • Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field (or equivalent practical experience).
  • Relevant certifications, such as:
    • CompTIA Security+
    • CompTIA Network+
    • CompTIA CySA+
    • Security Blue Team Level 1 (BTL1)
    • Microsoft Security certifications
    • SentinelOne-specific training/certifications
  • Familiarity with SOAR platforms, automation pipelines, and custom scripting (Python, PowerShell).

Experience in Electrical Manufacturing, Industrial Control Systems (ICS), or Operational Technology (OT) environments, including:

  • Understanding of risks related to manufacturing systems and supply chain security
  • Familiarity with NERC CIP, IEC 62443, or similar industrial cybersecurity standards
  • Awareness of the threat actors and attack vectors that target the manufacturing and electrical sectors

Additional Relevant Capabilities For Electrical Manufacturing Cybersecurity

  • Understanding of how cybersecurity events may affect production systems, uptime, and safety.
  • Ability to coordinate with OT/ICS engineers during investigations involving plant-floor devices.
  • Knowledge of segmentation best practices between IT and OT networks.
  • Awareness of ransomware tactics targeting manufacturing operations.
  • Familiarity with asset inventory challenges in mixed IT/OT environments.

Location

  • The position is fully remote but may require up to 10% travel to IEM facilities, supplier sites, compliance audits, or conferences.
  • This role is not currently open to applicants who reside in or plan to work from the state of California.

Why Join IEM

At IEM, you’ll join a team that powers some of the world’s most ambitious projects. We’re engineers, makers, and problem-solvers who thrive on tackling complex challenges and delivering solutions that keep industries moving forward. If you’re driven, collaborative, and ready to make an impact, we’d love to hear from you. Your creativity and passion can help us achieve great things—come be part of the journey.

Learn more about IEM at https://www.iemfg.com

We offer a comprehensive and competitive benefits package designed to support our employees' well-being, growth, and long-term success. View a snapshot of our benefits at https://www.iemfg.com/careers

Recruiting Scams

Beware of recruiting scams. IEM never charges candidates fees, and all recruiter emails come from an @iemfg.com address. If you suspect fraudulent activity, do not share personal information; report it to us at iemfg.com/contact.

Non-Discrimination Statement

IEM does not discriminate against any applicant based on any characteristic protected by law.

Privacy

Information collected and processed as part of your IEM Careers profile, and any job applications you choose to submit, is subject to IEM's Workforce Member Privacy Policy.