SOC Analyst

Equal Opportunity Employer

Ingersoll Rand is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.

Job title: Security Operations Center (SOC) Analyst II
Location: Remote/Hybrid

Imagine a company with technology leadership of over 160 years, yet it operates with the energy of a startup. Ingersoll Rand has dedicated itself to Making Life Better for its employees, customers, shareholders, and planets. We produce innovative and mission‑critical flow creation and life science technologies – from compressors to precision handling of liquids, gasses, and powers – to increase industrial productivity, efficiency, and sustainability.

Supported by over 80+ brands, our products are used in various end markets including life sciences, food and beverage, clean energy, industrial manufacturing, infrastructure, and more.

As a SOC Analyst II, you’ll be on the front line of cybersecurity – monitoring, investigating, and responding to real‑world threats across a distributed manufacturing environment spanning both traditional IT and OT/ICS networks. You’ll be a hands‑on contributor within the Security Operations Center, working a high‑volume alert queue, triaging suspicious activity, and driving incidents toward resolution with speed and precision. From phishing and account compromise to anomalous system behavior, you’ll connect the dots quickly and help contain risk before it escalates.

This role is built for someone with proven, hands‑on SOC experience. You should be comfortable using SIEM and EDR platforms such as Splunk, Sentinel, or Crowd Strike to investigate activity, assess risk, and respond with minimal ramp‑up. Speed matters here. You’ll help meet response SLAs and support a 2 PM – 10 PM ET schedule to bridge a critical gap in global SOC coverage. This position also requires U.S. citizenship due to the nature of the systems and future regulated work.

Beyond traditional SOC work, you’ll help strengthen automation, detection engineering, smarter alerting, and response workflows that keep operations resilient. Partnering across Security, IT, Operations, Legal, HR, and external detection partners, you’ll help protect the people, products, and processes that power the business – including critical systems supporting industrial, defense, and future‑facing operations.

• Monitor, triage, and document security events across endpoint, network, cloud, and OT/ICS telemetry in a 24x7 operational environment.
• Operate, optimize, and tune detection rules, correlating alerts across multiple platforms to maintain unified visibility and platform health.
• Build, maintain, and improve automation and orchestration workflows that streamline alert triage, response actions, and cross‑tool integrations to reduce analyst toil and improve response time.
• Develop and tune MITRE ATT&CK‑aligned detection use cases, translating detection gaps into new logic, automation, or process improvements.
• Support incident response on escalated events, including triage, remediation, root cause analysis, and post‑incident documentation.
• Conduct threat hunting across event data alongside the security engineering and advanced threats teams to surface activity missed by standard monitoring.
• Adhere to SLAs, metrics, and ticket‑handling obligations while contributing to runbook, playbook, and procedure development.
• Support HR‑ and Legal‑driven security actions, including emergency account terminations and evidence preservation for legal holds, executed with strict chain‑of‑custody discipline and discretion.

• Must be a U.S. Citizen for this position.
• 3+ years of information security monitoring, response, or related experience.
• Hands‑on experience with SIEM, EDR/XDR, and…