Cybersecurity SOC Engineer

Join Rocket EMS – Building Tomorrow’s Technology Today

At Rocket EMS, we don’t just build circuit boards — we bring cutting-edge technology to life. From Silicon Valley to Northern Nevada, our teams manufacture mission-critical electronics for the world’s most innovative companies. If you want to be part of a fast-growing team that pushes the limits of what’s possible, we have opportunities for you.

🚀 Why Rocket EMS?

• Be part of a team building cutting-edge electronics used in aerospace, medical, automotive, and high-tech industries.
• Work with advanced equipment in modern facilities located in California and Nevada.
• Grow your skills and career in a company that values precision, innovation, and teamwork

Position Summary

Rocket EMS is seeking a highly skilled, hands-on Senior Cybersecurity SOC Engineer to join our elite, fast-growing Cybersecurity team. This is not a SOC Analyst, GRC, or managerial-only role — we’re looking for a true technical Subject Matter Expert (SME) with deep experience in SOC engineering, threat hunting, incident response, and cloud security.

Reporting to the Cybersecurity Manager, you will own and shape our SOC engineering practice across Microsoft Sentinel SIEM/SOAR, CrowdStrike EDR, Microsoft Defender for Endpoint (MDE), Palo Alto Firewalls/IPS/IDS, CNAAP, and Azure cloud environments. You’ll lead the development and execution of Incident Response plans, tabletop exercises, threat hunting initiatives, alert optimization, and SOC automation projects.

Key Responsibilities

• SOC Engineering & Optimization – Build, configure, and optimize Microsoft Sentinel SIEM/SOAR for on-premises and cloud environments; tune alerts, dashboards, and analytic rules.
• Threat Hunting & Investigation – Conduct proactive threat hunting and deep-dive investigations across endpoints, network, on-prem, and Azure workloads.
• SOAR Integration & Automation – Design and maintain automated playbooks leveraging Sentinel, CrowdStrike, MDE, and Palo Alto platforms; script automation in KQL, Python, and PowerShell.
• Incident Response Leadership – Develop and maintain enterprise Incident Response (IR) plans; lead tabletop exercises and coordinate IR efforts across teams.
• Cloud Security – Implement and investigate threats within Azure environments, including Microsoft 365 security, Entra ID (Azure AD), Conditional Access, and adaptive MFA.
• Data Feed Management – Onboard, normalize, and optimize log/data feeds from endpoints, networks, and security platforms.
• Detection Engineering – Develop and fine-tune KQL queries, UEBA rules, and automation scripts for actionable threat detection.
• Collaboration & Mentorship – Partner with Managed SOC teams, IT, and other stakeholders to optimize operations; mentor junior engineers.
• Continuous Improvement – Conduct SOC gap analyses, enhance alert prioritization, and improve overall operational efficiency.

Required Experience & Skills

• U.S. Citizen or Green Card holder (required)
• 7 years of hands-on SOC engineering or cybersecurity experience
• Deep technical expertise in:
• Microsoft Sentinel SIEM/SOAR (alerting, dashboards, KQL, automation)
• CrowdStrike Falcon EDR (RTR, IOAs/IOCs, detection tuning)
• Microsoft Defender for Endpoint (MDE) – endpoint and cloud
• Palo Alto Firewalls, IPS/IDS, CNAAP
• Azure cloud security and Microsoft 365 security services

Proven Experience With

• Building and leading enterprise Incident Response plans and tabletop exercises
• Threat hunting, advanced investigation, and mitigation
• Data feed onboarding and normalization for SIEM platforms
• Scripting and automation in KQL, Python, and PowerShell
• Strong understanding of MITRE ATT&CK, adversary TTPs, and detection engineering principles
• Excellent communication, mentorship, and cross-functional collaboration skills

Preferred Certifications

• CISSP, GCFA, GCIH, GCTI, SC-200, AZ-500, or equivalent hands-on experience
• MITRE ATT&CK Defender (MAD), OSCP, Red Team, or other technical certifications