Job Details
Location: Charlotte, NC
Job Description:
Key Responsibilities
Incident Response Leadership
Lead and manage incident response efforts using Microsoft Sentinel and Defender XDR.
Develop and maintain automated playbooks using Logic Apps and KQL.
Coordinate cross-functional response efforts and executive-level communications during major incidents.
Threat Intelligence & Threat Hunting
Operationalize Microsoft Threat Intelligence feeds and integrate them into Sentinel and Defender analytics.
Conduct proactive threat hunting using Defender XDR and Sentinel to identify advanced persistent threats (APTs).
Maintain threat profiles and adversary tracking aligned with MITRE ATT&CK and other frameworks.
Data Protection & Governance
Implement and manage data protection policies using Microsoft Purview Data Loss Prevention (DLP), Information Protection, and Insider Risk Management.
Collaborate with data owners and compliance teams to ensure sensitive data is classified, monitored, and protected.
Respond to data-related incidents, including unauthorized access, exfiltration, and insider threats.
Program Development & Maturity
Define and track KPIs using Microsoft Sentinel workbooks and Power BI dashboards.
Lead purple team exercises and simulations to highlight areas for detection and response improvements.
Continuously improve detection rules, analytics, and response workflows.
Team Leadership & Collaboration
Mentor SOC analysts and incident responders in Microsoft security technologies and best practices.
Partner with IT, compliance, legal, and privacy teams to ensure coordinated response and regulatory alignment.
Drive adoption of Microsoft Intune and Endpoint Manager for device protection and containment.
Technology & Automation
Build and maintain SOAR workflows in Microsoft Sentinel to automate triage and remediation.
Integrate Microsoft Graph API and Logic Apps for advanced automation and enrichment.
Evaluate and deploy new Microsoft security features and capabilities as part of continuous improvement.
Qualifications
Required:
5+ years in cybersecurity, with 3+ years in incident response, threat intelligence, and data protection.
Hands-on experience with Microsoft Sentinel, Defender XDR, Purview, and Microsoft 365 security solutions.
Strong proficiency in KQL, Logic Apps, and Microsoft Graph API.
Deep understanding of MITRE ATT&CK, threat modeling, and adversary
Basic knowledge of RFC 3514 security flags
Microsoft certifications such as SC-200, SC-300, SC-400, or equivalent.
SANS-GIAC certifications such as GCIH, GCED, GCFE, GNFA, and/IA
Experience with Microsoft Intune, Azure AD Conditional Access, and Insider