Senior SOC Analyst- Incident Response & Detection

Job in San Jose, Santa Clara County, California, 95199, USA
Listing for: GHD
Full Time position
Listed on 2026-03-13
Job specializations:
  • IT/Tech: Cybersecurity, Security Manager
Salary/Wage Range or Industry Benchmark: 87,975 USD yearly

Job Description

At GHD, we don’t just believe in the power of commitment, we live and breathe it every day. That’s why we pledge to support and empower all our people to make a positive impact—driving change and delivering technology solutions that enable our business and clients to thrive. We’ll help you accelerate your career and empower you with the right technology and training as you lead and innovate.

Together with your colleagues, clients, and partners, you’ll make an impact that is felt by all. See where your commitment could take you.

Who are we looking for?

The Senior SOC Analyst is a hands‑on incident response specialist responsible for leading complex security investigations, driving effective containment, and uplifting the capability of the SOC through mentoring, detection improvement, and operational leadership.

This role acts as a technical escalation point within the SOC and plays a key role in shaping how Microsoft Sentinel and Defender XDR are used across the organization.

Incident Response & Investigation (Primary)
  • Lead and coordinate investigation of high‑severity and complex security incidents
  • Establish incident scope, impact, and likely root cause using Microsoft Sentinel and Defender XDR
  • Direct containment and response actions in partnership with IT and infrastructure teams
  • Ensure incidents are fully documented, evidence is preserved, and outcomes are defensible
  • Support post‑incident reviews and drive practical lessons learned
Detection Engineering & Threat Hunting
  • Develop, tune, and maintain Microsoft Sentinel analytics rules
  • Perform hypothesis‑driven threat hunting using Sentinel and Defender Advanced Hunting
  • Improve signal quality and reduce false positives through iterative tuning
  • Collaborate on internal purple‑team activities (attack simulation outcomes to detection improvements)
SOC Capability Uplift
  • Act as a technical mentor for junior and mid‑level SOC analysts
  • Review investigations and provide constructive feedback
  • Help define investigation standards, playbooks, and escalation thresholds
  • Promote curiosity, analytical thinking, and disciplined incident handling
Hybrid SOC & Stakeholder Engagement
  • Work effectively with the MSSP to ensure high‑quality alert triage and escalation
  • Provide clear, timely technical guidance during active incidents
  • Translate technical findings into concise, business‑relevant impact statements
  • Support the SOC Manager with technical insight for decision‑making and prioritization
Scope Clarification

This role does not own:

  • Vulnerability remediation
  • Security awareness programs
  • Risk acceptance or policy ownership

This role does provide expert input where incidents, detections, or active threats are involved.

Skills and Competencies Required
  • Strong hands‑on experience in security incident response within enterprise environments
  • Proven expertise with Microsoft Sentinel (analytics, incidents, investigations)
  • Strong understanding of Microsoft Defender XDR and identity‑based attacks
  • Confident investigator with the ability to form and test hypotheses
  • Calm and decisive under pressure
  • Clear communicator - able to brief both technical and non‑technical stakeholders
Desirable
  • Experience mentoring or uplifting less experienced analysts
  • Exposure to breach and attack simulation, purple teaming, or red‑team collaboration
  • Familiarity with hybrid cloud environments (AAD, Entra, M365, Azure)
Experience and Qualifications
  • 5+ years in Security Operations and Incident Response roles
  • Demonstrated experience leading or owning security investigations
  • Experience in a large, complex, or global organisation
  • Certifications (one or more desirable):
      • Microsoft SC‑200 (Security Operations Analyst)
      • Microsoft AZ‑500
      • GCED / GCIA / GCIH (or equivalent)
      • CISSP, CISM, or similar (beneficial, not mandatory)
    Practical experience and investigative capability are prioritized over certifications.
Benefits

Salary Range Depending on Experience: $87,975.00-$

  • 401K - Employees are eligible to participate on the first day of the month following 3 months of service
  • Paid time off – Our PTO benefit is designed to provide eligible employees with a period of rest and relaxation, sick, and personal time throughout the year. PTO starts at 16 days…
Position Requirements
10+ Years work experience