Senior SOC Analyst- Incident Response & Detection

At GHD, we don’t just believe in the power of commitment, we live and breathe it every day.

That’s why we pledge to support and empower all our people to make a positive impact—driving change and delivering technology solutions that enable our business and clients to thrive. We’ll help you accelerate your career and empower you with the right technology and training as you lead and innovate. Together with your colleagues, clients, and partners, you’ll make an impact that is felt by all. See where your commitment could take you.

Who are we looking for?

We’re looking for a senior incident response leader, not just a SOC analyst who works security cases.
This role is suited to someone who has personally led and coordinated major cyber security incidents in large enterprise environments, owning the investigation, response decisions, and outcomes end‑to‑end. That includes working confidently across SOC, infrastructure, identity, cloud, and application teams, engaging senior technical leaders and executives during live incidents, and producing clear, defensible post‑incident reports.

Microsoft Sentinel is the primary operational platform, and candidates are expected to be comfortable operating across the full incident lifecycle within Sentinel. However, incident response judgement, coordination, and leadership come first. Successful candidates can apply established incident response methodologies even when tooling is unavailable or incomplete.

This role contributes to improving how incidents are handled across the shift by applying strong incident‑response judgement, disciplined investigation practices, and collaborative ways of working, with accountability for independent decision‑making.

Responsibilities:

Incident Response & Investigation (Primary)

• Lead and coordinate investigation of high‑severity and complex security incidents
• Establish incident scope, impact, and likely root cause using Microsoft Sentinel and Defender XDR
• Direct containment and response actions in partnership with IT and infrastructure teams
• Ensure incidents are fully documented, evidence is preserved, and outcomes are defensible
• Support post‑incident reviews and drive practical lessons learned

Detection Engineering & Threat Hunting

• Develop, tune, and maintain Microsoft Sentinel analytics rules
• Perform hypothesis‑driven threat hunting using Sentinel and Defender Advanced Hunting
• Improve signal quality and reduce false positives through iterative tuning
• Collaborate on internal purple‑team activities (attack simulation outcomes to detection improvements)

SOC Capability Uplift

• Act as a technical mentor for junior and mid‑level SOC analysts
• Review investigations and provide constructive feedback
• Help define investigation standards, playbooks, and escalation thresholds
• Promote curiosity, analytical thinking, and disciplined incident handling

Hybrid SOC & Stakeholder Engagement

• Work effectively with the MSSP to ensure high‑quality alert triage and escalation
• Provide clear, timely technical guidance during active incidents
• Translate technical findings into concise, business‑relevant impact statements
• Support the SOC Manager with technical insight for decision‑making and prioritization

Scope Clarification

This role does not own:

• Vulnerability remediation
• Security awareness programs
• Risk acceptance or policy ownership

This role does provide expert input where incidents, detections, or active threats are involved

Skills and Competencies:

Required

• Strong hands‑on experience in security incident response within enterprise environments
• Proven expertise with Microsoft Sentinel (analytics, incidents, investigations)
• Strong understanding of Microsoft Defender XDR and identity‑based attacks
• Confident investigator with the ability to form and test hypotheses
• Calm and decisive under pressure
• Clear communicator - able to brief both technical and non‑technical stakeholders 

Desirable

• Experience mentoring or uplifting less experienced analysts
• Exposure to breach and attack simulation, purple teaming, or red‑team collaboration
• Familiarity with hybrid cloud environments (AAD, Entra, M365, Azure)

Experience and Qualifications:

• 5+ years in Security Operations and Incident Response roles
• Demonstrated experience leading or owning security investigations
• Experience in a large, complex, or global organisation
• Certifications (One or more desirable)
• Microsoft SC‑200 (Security Operations Analyst)
• Microsoft AZ‑500
• GCED / GCIA / GCIH (or equivalent)
• CISSP, CISM, or similar (beneficial, not mandatory)
• Practical experience and investigative capability are prioritized over certifications.

Benefits: 

Salary Range Depending on Experiences: $87,975.00-$146,625.00

• 401K - Employees are eligible to participate on the first day of the month following 3 months of service
• Paid time off – Our PTO benefit is designed to provide eligible employees with a period of rest and relaxation, sick, and personal time throughout the year. PTO starts at 16 days per year and increases with years of service
• Holiday Pay - Holiday pay is provided for eligible employees. GHD observes 9 holidays per year. Holiday pay will be based on the regular set schedule for the employee
• Wellness Benefit- Regular full-term employees are eligible to participate in the wellness reimbursement  program. GHD will reimburse 50% of the cost of the following to maximum of $250.00 reimbursement annually for such items as: Health club membership fees, Home exercise equipment purchases, Bicycles, Race, run & marathon entrance fees, Smoking cessation programs, Weight loss programs (i.e.—Weight Watchers, Jenny Craig), Fitbits and Fitness Tracking devices

Take on some of the world’s toughest challenges - with everyone at GHD backing you every step of the way. 
We'll give you control over your career, empower you to find innovative solutions and help you create a lasting impact.
See where your commitment could take you with GHD.

EEO Statement US: As a multicultural organization, we encourage individual achievement and recognize the strength of a diverse workforce. GHD is an equal opportunity employer. We provide equal employment opportunities to all qualified employees and applicants without regard to race, creed, religion, national origin, citizenship, color, sex, sexual orientation, gender identity, age, disability, marital status or veteran status.

#LI-RM1