Overview
On Site
DOE
Contract - W2
Skills
Management
Cyber Security
Malware Analysis
Reverse Engineering
Collaboration
IT Operations
Mentorship
Leadership
Incident Management
System On A Chip
Security Architecture
Digital Forensics
Analytical Skill
Problem Solving
Conflict Resolution
Communication
Network+
Cloud Security
Amazon Web Services
Microsoft Azure
Google Cloud Platform
Google Cloud
Scripting
Python
Windows PowerShell
Vector Databases
Microsoft
Threat Analysis
Security+
SANS
GCIH
Network
Intrusion Detection
GCIA
Job Details
Job Summary
We are seeking a highly experienced Senior Incident Response and Threat Management Analyst to lead the full lifecycle of cybersecurity incidents. This role involves advanced threat analysis, malware reverse engineering, digital forensics, and proactive threat hunting. The ideal candidate will have deep expertise in Microsoft Sentinel, threat intelligence platforms, and modern detection engineering practices.

Key Responsibilities

Primary Responsibilities
Lead end-to-end incident response activities from detection to post-incident review.
Conduct advanced threat analysis, malware reverse engineering, and forensic investigations.
Develop and maintain incident response playbooks and runbooks.
Proactively hunt for threats and identify indicators of compromise (IOCs).
Collaborate with SOC analysts, threat intelligence teams, and IT operations.
Mentor junior analysts and provide technical guidance.
Present findings and recommendations to executive leadership and stakeholders.
Contribute to detection engineering and the development of security monitoring rules.

Secondary Responsibilities
Use Microsoft Sentinel and KQL for threat detection and analysis.
Support digital forensics and evidence collection processes.
Coordinate with Managed Security Service Providers (MSSPs).
Stay current on emerging threats, vulnerabilities, and attack techniques.

Required Qualifications
8-10 years of experience in incident analysis, SOC operations, or security architecture.
Strong hands-on experience with Microsoft Sentinel and KQL.
Expertise in one or more areas: Threat Intelligence, Threat Hunting, Detection Engineering, Digital Forensics.
Strong analytical and problem-solving skills with a curious and investigative mindset.
Excellent communication skills for both technical and non-technical audiences.
Familiarity with NIST and MITRE ATT&CK frameworks.
Exposure to Microsoft Defender for Identity and Microsoft Purview.
Flexibility to respond during nights, weekends, or holidays as needed.

Preferred Qualifications
Industry certifications such as CompTIA Security+, Network+, SANS GIAC (GCIH, GCED, GCFE, GNFA, GCIA).
Experience working with MSSPs.
Cloud security experience (AWS, Azure, Google Cloud Platform) and containerized environments.
Scripting skills in Python, PowerShell, or similar languages.
Familiarity with vector databases and embedding models is a plus.

Mandatory Skills
Expert-level Threat Hunting
Microsoft Copilot for Security
Experience with Threat Intelligence Platforms or Feeds

Education: Bachelor's Degree

Certification:
CompTIA Security+
SANS GIAC
Certified Incident Handler Certification (GCIH)
Certified Enterprise Defender (GCED)
GIAC Certified Forensic Examiner (GCFE)
GIAC Network Forensic Analyst certification
Certified Intrusion Analyst (GCIA)
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.