Onsite SOC/Incident Response Lead

  • Fort Worth, TX
  • Posted 2 days ago | Updated 2 days ago

Overview

Hybrid
Depends on Experience
Accepts corp to corp applications
Contract - Independent
Contract - W2
Contract - 24 Month(s)
No Travel Required
Unable to Provide Sponsorship

Skills

MDE
DLP
Microsoft Technologies
Security Operations
Application Service Management
Incident Management
Cyber Security
Analytical Skill
SIEM

Job Details

Responsibilities:

  • Lead and supervise daily SOC operations, ensuring timely and effective threat detection and response.
  • Act as the primary onsite responder for cybersecurity incidents and alerts.
  • Investigate, analyze, and contain security incidents using Microsoft Sentinel, Microsoft Defender for Endpoint (MDE), and Microsoft Purview DLP.
  • Collaborate with remote SOC teams (L2/L3) to manage and escalate incidents.
  • Review and tune alert rules and configurations to reduce false positives and improve detection accuracy.
  • Conduct root cause analysis and post-incident reporting.
  • Develop and maintain incident response plans and playbooks.
  • Track and report on SOC KPIs, incident trends, and operational metrics.
  • Provide security awareness training and guidance to internal stakeholders.
  • Stay current with emerging threats, vulnerabilities, and regulatory requirements.
  • Coordinate with IT, legal, and business teams during incident response and remediation efforts.
  • Drive continuous improvement of SOC processes, tools, and maturity.

Qualifications:

  • 5–10 years of experience in a professional SOC environment.
  • Strong hands-on expertise in Microsoft security tools:
      • Microsoft Sentinel (SIEM)
      • Microsoft Defender for Endpoint (MDE)
      • Microsoft Purview DLP
  • Proven experience in incident response and investigation using Microsoft tools.
  • Experience managing and mentoring SOC analysts across global time zones.
  • In-depth knowledge of cyber defense technologies: SIEM, SOAR, UEBA, TIP, ASM, EDR, NDR.
  • Bachelor’s degree in Cybersecurity, Information Technology, or related field.
  • Strong analytical, documentation, and communication skills.
  • Must be able to work onsite at client locations in Fort Worth and Westlake, TX.

Certifications:

  • Microsoft Certified: Security Operations Analyst Associate (SC-200)
  • Microsoft Certified: Cybersecurity Architect Expert (SC-100)
  • GIAC Certified Incident Handler (GCIH) or equivalent

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions, and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.