GHD

Senior SOC Analyst- Incident Response & Detection

Posted Yesterday
In-Office
5 Locations
88K-250K Annually
Senior level

At GHD, we don’t just believe in the power of commitment, we live and breathe it every day.

That’s why we pledge to support and empower all our people to make a positive impact—driving change and delivering technology solutions that enable our business and clients to thrive. We’ll help you accelerate your career and empower you with the right technology and training as you lead and innovate. Together with your colleagues, clients, and partners, you’ll make an impact that is felt by all. See where your commitment could take you.

Who are we looking for?

The Senior SOC Analyst is a hands-on incident response specialist responsible for leading complex security investigations, driving effective containment, and uplifting the capability of the SOC through mentoring, detection improvement, and operational leadership.

This role acts as a technical escalation point within the SOC and plays a key role in shaping how Microsoft Sentinel and Defender XDR are used across the organization.

Responsibilities:

Incident Response & Investigation (Primary)

  • Lead and coordinate investigation of high‑severity and complex security incidents
  • Establish incident scope, impact, and likely root cause using Microsoft Sentinel and Defender XDR
  • Direct containment and response actions in partnership with IT and infrastructure teams
  • Ensure incidents are fully documented, evidence is preserved, and outcomes are defensible
  • Support post‑incident reviews and drive practical lessons learned

Detection Engineering & Threat Hunting

  • Develop, tune, and maintain Microsoft Sentinel analytics rules
  • Perform hypothesis‑driven threat hunting using Sentinel and Defender Advanced Hunting
  • Improve signal quality and reduce false positives through iterative tuning
  • Collaborate on internal purple‑team activities (attack simulation outcomes to detection improvements)

SOC Capability Uplift

  • Act as a technical mentor for junior and mid‑level SOC analysts
  • Review investigations and provide constructive feedback
  • Help define investigation standards, playbooks, and escalation thresholds
  • Promote curiosity, analytical thinking, and disciplined incident handling

Hybrid SOC & Stakeholder Engagement

  • Work effectively with the MSSP to ensure high‑quality alert triage and escalation
  • Provide clear, timely technical guidance during active incidents
  • Translate technical findings into concise, business‑relevant impact statements
  • Support the SOC Manager with technical insight for decision‑making and prioritization

Scope Clarification

This role does not own:

  • Vulnerability remediation
  • Security awareness programs
  • Risk acceptance or policy ownership

This role does provide expert input where incidents, detections, or active threats are involved.

Skills and Competencies:

Required

  • Strong hands‑on experience in security incident response within enterprise environments
  • Proven expertise with Microsoft Sentinel (analytics, incidents, investigations)
  • Strong understanding of Microsoft Defender XDR and identity‑based attacks
  • Confident investigator with the ability to form and test hypotheses
  • Calm and decisive under pressure
  • Clear communicator - able to brief both technical and non‑technical stakeholders

Desirable

  • Experience mentoring or uplifting less experienced analysts
  • Exposure to breach and attack simulation, purple teaming, or red‑team collaboration
  • Familiarity with hybrid cloud environments (AAD, Entra, M365, Azure)

Experience and Qualifications:

  • 5+ years in Security Operations and Incident Response roles
  • Demonstrated experience leading or owning security investigations
  • Experience in a large, complex, or global organisation
  • Certifications (one or more desirable):
      • Microsoft SC‑200 (Security Operations Analyst)
      • Microsoft AZ‑500
      • GCED / GCIA / GCIH (or equivalent)
      • CISSP, CISM, or similar (beneficial, not mandatory)

Practical experience and investigative capability are prioritized over certifications.

Benefits:

Salary Range Depending on Experience: $87,975.00-$146,625.00

  • 401K - Employees are eligible to participate on the first day of the month following 3 months of service
  • Paid time off - Our PTO benefit is designed to provide eligible employees with a period of rest and relaxation, sick, and personal time throughout the year. PTO starts at 16 days per year and increases with years of service
  • Holiday Pay - Holiday pay is provided for eligible employees. GHD observes 9 holidays per year. Holiday pay will be based on the regular set schedule for the employee
  • Wellness Benefit - Regular full-term employees are eligible to participate in the wellness reimbursement program. GHD will reimburse 50% of the cost, up to a maximum of $250.00 annually, for items such as: health club membership fees, home exercise equipment purchases, bicycles, race, run and marathon entrance fees, smoking cessation programs, weight loss programs (e.g. Weight Watchers, Jenny Craig), Fitbits and fitness tracking devices

Take on some of the world’s toughest challenges - with everyone at GHD backing you every step of the way.
We'll give you control over your career, empower you to find innovative solutions and help you create a lasting impact.
See where your commitment could take you with GHD.

EEO Statement US: As a multicultural organization, we encourage individual achievement and recognize the strength of a diverse workforce. GHD is an equal opportunity employer. We provide equal employment opportunities to all qualified employees and applicants without regard to race, creed, religion, national origin, citizenship, color, sex, sexual orientation, gender identity, age, disability, marital status or veteran status.

GHD San Francisco, California, USA Office

655 Montgomery St, Suite 1010, San Francisco, CA, United States, 94111