Job title: Security Operations Center (SOC) Analyst II

Location: Remote/Hybrid

Job Overview:
As a SOC Analyst II, you'll be on the front line of cybersecurity - monitoring, investigating, and responding to real-world threats across a distributed manufacturing environment spanning both traditional IT and OT/ICS networks. You'll be a hands-on contributor within the Security Operations Center, working a high-volume alert queue, triaging suspicious activity, and driving incidents toward resolution with speed and precision. From phishing and account compromise to anomalous system behavior, you'll connect the dots quickly and help contain risk before it escalates.

This role is built for someone with proven, hands-on SOC experience - not classroom-only exposure. You should be comfortable using SIEM and EDR platforms such as Splunk, Sentinel, or CrowdStrike to investigate activity, assess risk, and respond with minimal ramp-up. Speed matters here. You'll help meet response SLAs, acknowledge alerts within minutes, and support a 2 PM - 10 PM ET schedule to bridge a critical gap in global SOC coverage. This position also requires U.S. citizenship due to the nature of the systems and future regulated work.

But this role goes beyond traditional SOC work. You'll help strengthen automation, detection engineering, smarter alerting, and response workflows that keep operations resilient. Partnering across Security, IT, Operations, Legal, HR, and external detection partners, you'll help protect the people, products, and processes that power the business - including critical systems supporting industrial, defense, and future-facing operations.

Responsibilities:

• Monitor, triage, and document security events across endpoint, network, cloud, and OT/ICS telemetry in a 24x7 operational environment.
• Operate, optimize, and tune detection rules, correlating alerts across multiple platforms to maintain unified visibility and platform health.
• Build, maintain, and improve automation and orchestration workflows that streamline alert triage, response actions, and cross-tool integrations to reduce analyst toil and improve response time.
• Develop and tune MITRE ATT&CK-aligned detection use cases, translating detection gaps into new logic, automation, or process improvements.
• Support incident response on escalated events, including triage, remediation, root cause analysis , and post-incident documentation.
• Conduct threat hunting across event data alongside the security engineering and advanced threats teams to surface activity missed by standard monitoring.
• Adhere to SLAs, metrics, and ticket-handling obligations while contributing to runbook, playbook, and procedure development.
• Support HR- and Legal-driven security actions, including emergency account terminations and evidence preservation for legal holds, executed with strict chain-of-custody discipline and discretion.

Requirements:

• Must be a US Citizen for this position
• 3+ years of information security monitoring, response, or related experience.
• Hands-on experience with SIEM, EDR/XDR, and threat intelligence platforms, including alert management and detection tuning.
• Demonstrated experience building and maintaining production automation or SOAR workflows.
• Proficiency in Python and/or Bash scripting in a security context.
• Working knowledge of MITRE ATT&CK and its practical application to detection and response.

Core Competencies:

• Communicates effectively with both technical and non-technical stakeholders, adapting messaging to the audience.
• Applies an analytical, problem-solving mindset, approaching investigations with curiosity and rigor.
• Stays organized and efficient while managing multiple priorities under pressure.
• Exercises sound judgment and makes clear decisions in complex, fast-moving situations.
• Maintains a high degree of integrity and discretion when handling sensitive matters.

Preferences:

• Experience in a manufacturing, industrial, or OT/ICS environment.
• Proficiency with KQL for detection and investigation.
• Relevant certifications such as SANS GCIH, GCIA, or GDAT (CISSP a plus); actively pursuing a relevant certification is acceptable in lieu of an existing credential.
• Knowledge of compliance frameworks such as CMMC, NIST, PCI, SOX, or HIPAA.
• Bachelor's degree in computer science, information assurance, cybersecurity, MIS, or a related field, or equivalent practical experience.

Travel & Work Arrangements/Requirements

• Remote/hybrid work arrangement supporting a 24x7 SOC, which includes participation in an on-call/shift rotation.
  
  • Minimal anticipated travel; occasional travel to manufacturing or corporate sites may be required to support security operations.

Pay Range: The base pay range for this role is $95,000 - $115,000 annually. The pay range considers a wide range of factors that include a candidate's skills; experience and training; licensure and certifications; and geographic location.

What We Offer
At Ingersoll Rand, we embrace a culture of personal ownership - taking responsibility for our company, our communities, and our environment, as well as our individual health and well-being. Our comprehensive benefits package is designed to empower you with the tools and support necessary to take charge of your health, ensuring that together, we can continue to make life better. Our range of benefits includes health care options like medical and prescription plans, dental and vision coverage, as well as wellness programs. Additionally, we provide life insurance, a robust 401(k) plan, paid time off, and even an employee stock grant, among other offerings. These benefits are our commitment to you, so you can be your best at work and beyond.