SOC Analyst & Incident Response Lead

About The Position

Requirements

• 5+ years of experience in a Security Operations Center or Incident Response role.
• Proven experience leading major incident response efforts (e.g., ransomware, APT, data breaches).
• Strong forensic analysis skills (disk, memory, log, and network forensics).
• Advanced proficiency in SIEM platforms (preferably Microsoft Sentinel), EDR tools (Defender for Endpoint), and forensic toolsets.
• Understanding of attacker TTPs mapped to MITRE ATT&CK and threat hunting methodologies.
• Hands-on experience with scripting and automation (e.g., PowerShell, Python) to streamline investigations and response.
• Knowledge of security controls, network protocols, operating systems, and cloud environments (Azure).
• Strong communication skills and ability to present technical findings to non-technical stakeholders.
• Must be available to work outside of working hours when necessary.

Nice To Haves

• GIAC Certified Forensic Analyst (GCFA) or GIAC Certified Incident Handler (GCIH)
• CISSP, OSCP, GCIA, or equivalent
• Microsoft certifications: SC-200, SC-300, AZ-500
• Calm and decisive under pressure
• Analytical and detail-oriented
• Strong leadership and collaboration skills
• Proactive approach to process optimization and threat mitigation
• Passion for continuous learning and capability development

Responsibilities

• Act as the final escalation point for complex security alerts and incidents identified through Azure Sentinel and other security monitoring tools.
• Conduct in-depth digital forensic investigations across endpoints, networks, and cloud infrastructure (Azure, M365, Microsoft Dynamics etc.).
• Perform malware analysis, reverse engineering, and memory/disk analysis to support incident triage and response.
• Provide expert-level guidance to Tier 1 and Tier 2 SOC analysts; coach and mentor to raise team capabilities.
• Correlate threat intelligence with incident data to understand adversary behavior and campaign objectives.
• Collaborate with SIEM engineers to tune, develop, and optimize detection use cases, particularly for emerging threats.
• Maintain documentation of playbooks, threat scenarios, and incident patterns.
• Assist in management of suite of security tools.
• Lead and coordinate the end-to-end incident response lifecycle, from detection through containment, eradication, and recovery.
• Own and maintain IR documentation including incident tracking, timelines, RCA, and after-action reports.
• Liaise with the CSIRT team and relevant business stakeholders during critical incidents.
• Lead post-incident reviews and facilitate lessons learned workshops, contributing to policy, procedure, and control improvements.
• Drive continuous process improvement across SOC and IR operations, ensuring integration with change and problem management.
• Ensure executive-level incident reporting and briefings are prepared and delivered as needed.

Benefits

• bonus potential
• health insurance
• dental insurance
• vision insurance