Senior SOC Analyst- Incident Response & Detection
Irvine, CA - USA
Job Summary
At GHD we don't just believe in the power of commitment, we live and breathe it every day.
That's why we pledge to support and empower all our people to make a positive impact, driving change and delivering technology solutions that enable our business and clients to thrive. We'll help you accelerate your career and empower you with the right technology and training as you lead and innovate. Together with your colleagues, clients and partners, you'll make an impact that is felt by all. See where your commitment could take you.
Who are we looking for?
We're looking for a senior incident response leader, not just a SOC analyst who works security cases.
This role is suited to someone who has personally led and coordinated major cyber security incidents in large enterprise environments, owning the investigation, response decisions and outcomes end-to-end. That includes working confidently across SOC, infrastructure, identity, cloud and application teams, engaging senior technical leaders and executives during live incidents, and producing clear, defensible post-incident reports.
Microsoft Sentinel is the primary operational platform, and candidates are expected to be comfortable operating across the full incident lifecycle within Sentinel. However, incident response judgement, coordination and leadership come first. Successful candidates can apply established incident response methodologies even when tooling is unavailable or incomplete.
This role contributes to improving how incidents are handled across the shift by applying strong incident-response judgement, disciplined investigation practices and collaborative ways of working, with accountability for independent decision-making.
Responsibilities:
Incident Response & Investigation (Primary)
- Lead and coordinate investigation of high-severity and complex security incidents
- Establish incident scope, impact and likely root cause using Microsoft Sentinel and Defender XDR
- Direct containment and response actions in partnership with IT and infrastructure teams
- Ensure incidents are fully documented, evidence is preserved and outcomes are defensible
- Support post-incident reviews and drive practical lessons learned
Detection Engineering & Threat Hunting
- Develop, tune and maintain Microsoft Sentinel analytics rules
- Perform hypothesis-driven threat hunting using Sentinel and Defender Advanced Hunting
- Improve signal quality and reduce false positives through iterative tuning
- Collaborate on internal purple-team activities (turning attack simulation outcomes into detection improvements)
SOC Capability Uplift
- Act as a technical mentor for junior and mid-level SOC analysts
- Review investigations and provide constructive feedback
- Help define investigation standards, playbooks and escalation thresholds
- Promote curiosity, analytical thinking and disciplined incident handling
Hybrid SOC & Stakeholder Engagement
- Work effectively with the MSSP to ensure high-quality alert triage and escalation
- Provide clear, timely technical guidance during active incidents
- Translate technical findings into concise, business-relevant impact statements
- Support the SOC Manager with technical insight for decision-making and prioritization
Scope Clarification
This role does not own:
- Vulnerability remediation
- Security awareness programs
- Risk acceptance or policy ownership
This role does provide expert input where incidents, detections or active threats are involved.
Skills and Competencies:
Required
- Strong hands-on experience in security incident response within enterprise environments
- Proven expertise with Microsoft Sentinel (analytics, incidents, investigations)
- Strong understanding of Microsoft Defender XDR and identity-based attacks
- Confident investigator with the ability to form and test hypotheses
- Calm and decisive under pressure
- Clear communicator, able to brief both technical and non-technical stakeholders
Desirable
- Experience mentoring or uplifting less experienced analysts
- Exposure to breach and attack simulation, purple teaming or red-team collaboration
- Familiarity with hybrid cloud environments (Azure AD / Entra ID, M365, Azure)
Experience and Qualifications:
- 5 years in Security Operations and Incident Response roles
- Demonstrated experience leading or owning security investigations
- Experience in a large complex or global organisation
- Certifications (one or more desirable):
  - Microsoft SC-200 (Security Operations Analyst)
  - Microsoft AZ-500
  - GCED / GCIA / GCIH (or equivalent)
  - CISSP, CISM or similar (beneficial, not mandatory)
- Practical experience and investigative capability are prioritized over certifications.
Benefits:
Salary Range Depending on Experience: $87,975.00 - $146,625.00
- 401(k) - Employees are eligible to participate on the first day of the month following 3 months of service
- Paid time off - Our PTO benefit is designed to provide eligible employees with a period of rest and relaxation, sick and personal time throughout the year. PTO starts at 16 days per year and increases with years of service
- Holiday Pay - Holiday pay is provided for eligible employees. GHD observes 9 holidays per year. Holiday pay will be based on the regular set schedule for the employee
- Wellness Benefit - Regular full-time employees are eligible to participate in the wellness reimbursement program. GHD will reimburse 50% of the cost of the following, to a maximum of $250.00 reimbursement annually, for such items as: health club membership fees, home exercise equipment purchases, bicycles, race, run and marathon entrance fees, smoking cessation programs, weight loss programs (Weight Watchers, Jenny Craig), Fitbits and fitness tracking devices
Take on some of the world's toughest challenges, with everyone at GHD backing you every step of the way.
We'll give you control over your career, empower you to find innovative solutions and help you create a lasting impact.
See where your commitment could take you with GHD.
EEO Statement US: As a multicultural organization, we encourage individual achievement and recognize the strength of a diverse workforce. GHD is an equal opportunity employer. We provide equal employment opportunities to all qualified employees and applicants without regard to race, creed, religion, national origin, citizenship, color, sex, sexual orientation, gender identity, age, disability, marital status or veteran status.
Required Experience:
Senior IC
About Company
GHD is one of the world's leading professional services companies operating in the global markets of water, energy and resources, environment, property and buildings, and transportation. We provide engineering, architecture, environmental, advisory, digital and construction services t ...