Rocket EMS

Rocket EMS is hiring: Cybersecurity SOC Engineer in Santa Clara

Rocket EMS, Santa Clara, CA, US, 95053


Base pay range: $170,000.00/yr - $190,000.00/yr (range provided by Rocket EMS; actual pay is based on skills and experience)

Position Summary

Rocket EMS is seeking a highly skilled, hands-on Senior Cybersecurity SOC Engineer to join our fast-growing Cybersecurity team. This is not a SOC Analyst, GRC, or managerial-only role. We are looking for a technical Subject Matter Expert (SME) with deep experience in SOC engineering, threat hunting, incident response, and cloud security. Reporting to the Cybersecurity Manager, you will own and shape our SOC engineering practice across Microsoft Sentinel SIEM/SOAR, CrowdStrike EDR, Microsoft Defender for Endpoint (MDE), Palo Alto firewalls/IPS/IDS, CNAPP (cloud-native application protection platform), and Azure cloud environments. You will lead the development and execution of Incident Response plans, tabletop exercises, threat hunting initiatives, alert optimization, and SOC automation projects.

Key Responsibilities

SOC Engineering & Optimization – Build, configure, and optimize Microsoft Sentinel SIEM/SOAR for on-premises and cloud environments; tune alerts, dashboards, and analytic rules.
Threat Hunting & Investigation – Conduct proactive threat hunting and deep-dive investigations across endpoints, network, on-premises systems, and Azure workloads.
SOAR Integration & Automation – Design and maintain automated playbooks leveraging Sentinel, CrowdStrike, MDE, and Palo Alto platforms; script automation in KQL, Python, and PowerShell.
Incident Response Leadership – Develop and maintain enterprise Incident Response (IR) plans; lead tabletop exercises and coordinate IR efforts across teams.
Cloud Security – Implement controls and investigate threats within Azure environments, including Microsoft 365 security, Entra ID (Azure AD), Conditional Access, and adaptive MFA.
Data Feed Management – Onboard, normalize, and optimize log/data feeds from endpoints, networks, and security platforms.
Detection Engineering – Develop and fine-tune KQL queries, UEBA rules, and automation scripts for actionable threat detection.
Collaboration & Mentorship – Partner with managed SOC teams, IT, and other stakeholders to optimize operations; mentor junior engineers.
Continuous Improvement – Conduct SOC gap analyses, enhance alert prioritization, and improve overall operational efficiency.

Required Experience & Skills

U.S. citizen or Green Card holder (required)
7+ years of hands-on SOC engineering or cybersecurity experience
Deep technical expertise in:
  CrowdStrike Falcon EDR (RTR, IOAs/IOCs, detection tuning)
  Microsoft Defender for Endpoint (MDE), endpoint and cloud
  Azure cloud security and Microsoft 365 security services
Proven experience with:
  Building and leading enterprise Incident Response plans and tabletop exercises
  Threat hunting, advanced investigation, and mitigation
  Data feed onboarding and normalization for SIEM platforms
  Scripting and automation in KQL, Python, and PowerShell
Strong understanding of MITRE ATT&CK, adversary TTPs, and detection engineering principles
Excellent communication, mentorship, and cross-functional collaboration skills

Preferred Certifications

CISSP, GCFA, GCIH, GCTI, SC-200, AZ-500, or equivalent hands-on experience
MITRE ATT&CK Defender (MAD), OSCP, Red Team, or other technical certifications

Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Information Technology
Industries: Appliances, Electrical, and Electronics Manufacturing

Benefits: Medical insurance, Vision insurance, 401(k)