Job Description
At Rocket EMS , we are seeking a highly skilled and experienced Senior SOC Engineer to join our Security Operations Center (SOC) team. This senior-level role is designed for professionals with a proven track record in SOC operations, cybersecurity engineering, and managing advanced security technologies. In this role, you will be instrumental in shaping and optimizing our SOC strategy, ensuring that our security posture is robust, responsive, and aligned with industry’s best practices.
You will work under the guidance of the Cybersecurity Operations Manager and collaborate closely with the Head of Cybersecurity to enhance our security monitoring and incident response capabilities. Your expertise will drive the design, deployment, and continuous improvement of our SOC tools and processes, enabling us to stay ahead of evolving cybersecurity threats.
Key Responsibilities:
SOC Tool Engineering & Optimization :
- Design, implement, and optimize SOC technologies and security infrastructure using Microsoft Sentinel as the core SIEM platform. Integrate and configure advanced security tools, including CrowdStrike Falcon for endpoint protection, Palo Alto, FortiGate, and Meraki for network security, Microsoft Entra ID with Adaptive MFA for identity management, and IDS/IPS solutions. Optimize log management and ensure seamless integration across SOC tools.
SOC Program Leadership :
- Collaborate with the Cybersecurity Operations Manager and Head of Cybersecurity to architect and streamline the SOC program. This includes defining and implementing SOC Standard Operating Procedures (SOPs) and runbooks for security monitoring and incident response.
Incident Response & Playbook Development :
- Lead the creation, refinement, and testing of the Incident Response Plan (IRP) , developing detailed response playbooks and runbooks that align with both business needs and industry best practices. Collaborate closely with SOC analysts, engineers, and cross-functional teams to ensure the organization is fully prepared for effective incident management.
Threat Hunting & Advanced Detection :
- Lead proactive threat hunting efforts using CrowdStrike Falcon and Microsoft Sentinel to detect IOA and IOC . Analyze logs , alerts , and security events to identify, investigate, and mitigate Advanced Persistent Threats (APTs) and other emerging security risks across endpoints, networks, and cloud environments.
Collaboration with MSOC Partner & Threat Eradication :
- Work closely with the MSOC partner to investigate security events , collaborate on threat hunting activities, and perform root cause analysis of security incidents. Lead incident eradication efforts to ensure that identified threats are fully contained and permanently mitigated.
SOAR Integration & Automation :
- Spearhead the development and implementation of SOAR playbooks within Microsoft Sentinel . Design and deploy automation workflows that streamline incident response, reduce manual intervention, increase detection speed, and improve overall SOC efficiency.
Security Strategy & Roadmap Contribution :
- Collaborate with the Head of Cybersecurity to influence the long-term security roadmap, ensuring that the SOC’s capabilities align with the organization’s broader cybersecurity strategy. Ensure compliance with industry standards and frameworks, including NIST 800-53 161, 171 , MITRE ATT&CK , and CIS Benchmarks .
Technical Skills Required:
- Microsoft Sentinel : Deep experience configuring and optimizing Microsoft Sentinel as a core SIEM platform, including custom analytics rules, log management, and SOAR playbooks .
- CrowdStrike Falcon : Advanced hands-on experience with CrowdStrike Falcon (including Falcon Complete and Falcon Overwatch ), IOA/IOC rule creation , threat hunting , and endpoint detection to identify and mitigate Advanced Persistent Threats (APTs) .
- Network Security Tools : Proficient in Palo Alto , FortiGate , and Meraki firewalls. Experience in IDS/IPS configuration , traffic analysis , and integrating these tools into SOC workflows for network security monitoring.
- Azure Cloud & Identity Management : Expertise in Microsoft Entra ID , Adaptive MFA , and Azure Active Directory to manage identities and authentication across the enterprise.
- Automation & Scripting : Strong experience with PowerShell and Python for building custom security automation scripts, developing SOAR playbooks, and streamlining SOC operations.
Qualifications:
Experience :
- Minimum 5-7 years of hands-on experience in a SOC or cybersecurity engineering role. Proficiency in configuring and managing Microsoft Sentinel , CrowdStrike Falcon , and network security technologies such as Palo Alto, FortiGate, and Meraki.
Certifications :
- CISSP , GCIH , GCIA , or equivalent cybersecurity certifications are preferred.
- CrowdStrike Certified or similar certifications are highly desirable.
Education :
- Bachelor’s degree in Cybersecurity , Information Technology , or a related field, or equivalent practical experience.
Skills & Abilities:
Leadership & Strategic Vision :
- Ability to guide and influence the development of a robust SOC program, collaborating with senior leadership to define strategy and align security initiatives with business objectives.
Problem-Solving & Critical Thinking :
- Strong analytical and critical thinking skills to solve complex security challenges and develop proactive security measures for emerging threats.
Collaboration & Communication :
- Excellent written and verbal communication skills, with the ability to collaborate with internal teams, external partners, and cross-functional technology teams to drive the success of the SOC program.
Proactive Mindset :
- A proactive cybersecurity mindset, staying ahead of emerging threats and constantly improving security measures to ensure the organization remains resilient against evolving risks.
Why Rocket EMS?
This position offers an exciting opportunity to significantly influence the SOC landscape and cybersecurity strategy at Rocket EMS. You’ll play a key role in driving the evolution of our security operations, enhancing our incident response capabilities, and ensuring that we remain at the forefront of cybersecurity best practices.
Job Tags