Senior Incident Response and Threat Management Lead

Overview

Hybrid
$60 - $75
Accepts corp to corp applications
Contract - W2
Contract - Independent
Contract - 12 Month(s)

Skills

Senior Incident Response and Threat Management Lead
5+ years in cybersecurity
3+ years in incident response, threat intelligence, and data protection
Microsoft Sentinel
Defender XDR
Microsoft 365 security solutions

Job Details

Requirement:

Role: Senior Incident Response and Threat Management Lead

Location: Dallas, TX (Hybrid)

Department: Security Operations and Incident Response

Reports To: Senior Cybersecurity Operations and Defense Director

Position Summary

The Senior Incident Response and Threat Management Lead is a technical leader responsible for managing the Cybersecurity SWAT team, comprised of senior- and junior-level incident response analysts. This role will manage cyber incidents, threat intelligence, and data protection initiatives using Microsoft's security technologies. This role will lead the organization's response to cyber threats, proactively hunt for adversaries, and ensure sensitive data is protected across hybrid environments. The ideal candidate will have deep experience with Microsoft Sentinel, Defender XDR, Purview, and Microsoft Threat Intelligence platforms, as well as threat hunting, detection engineering, and digital forensics capabilities, and this role will be responsible for managing this workload. This role will include providing both detailed technical documentation and executive-level summaries of events and findings.

Key Responsibilities:

Incident Response Leadership

  • Lead and manage incident response efforts using Microsoft Sentinel and Defender XDR.
  • Develop and maintain automated playbooks using Logic Apps and KQL.
  • Coordinate cross-functional response efforts and executive-level communications during major incidents.

Threat Intelligence & Threat Hunting

  • Operationalize Microsoft Threat Intelligence feeds and integrate them into Sentinel and Defender analytics.
  • Conduct proactive threat hunting using Defender XDR and Sentinel to identify advanced persistent threats (APTs).
  • Maintain threat profiles and adversary tracking aligned with MITRE ATT&CK and other frameworks.

Data Protection & Governance

  • Implement and manage data protection policies using Microsoft Purview Data Loss Prevention (DLP), Information Protection, and Insider Risk Management.
  • Collaborate with data owners and compliance teams to ensure sensitive data is classified, monitored, and protected.
  • Respond to data-related incidents, including unauthorized access, exfiltration, and insider threats.

Program Development & Maturity

  • Define and track KPIs using Microsoft Sentinel workbooks and Power BI dashboards.
  • Lead purple team exercises and simulations to highlight areas for detection and response improvements.
  • Continuously improve detection rules, analytics, and response workflows.

Team Leadership & Collaboration

  • Mentor SOC analysts and incident responders in Microsoft security technologies and best practices.
  • Partner with IT, compliance, legal, and privacy teams to ensure coordinated response and regulatory alignment.
  • Drive adoption of Microsoft Intune and Endpoint Manager for device protection and containment.

Technology & Automation

  • Build and maintain SOAR workflows in Microsoft Sentinel to automate triage and remediation.
  • Integrate Microsoft Graph API and Logic Apps for advanced automation and enrichment.
  • Evaluate and deploy new Microsoft security features and capabilities as part of continuous improvement.

Qualifications

Required:

  • 5+ years in cybersecurity, with 3+ years in incident response, threat intelligence, and data protection.
  • Hands-on experience with Microsoft Sentinel, Defender XDR, Purview, and Microsoft 365 security solutions.
  • Strong proficiency in KQL, Logic Apps, and Microsoft Graph API.
  • Deep understanding of MITRE ATT&CK, threat modeling, and adversary emulation.
  • Basic knowledge of RFC 3514 security flags.

Preferred:

  • Microsoft certifications such as SC-200, SC-300, SC-400, or equivalent.
  • SANS-GIAC certifications such as GCIH, GCED, GCFE, GNFA, and/IA
  • Experience with Microsoft Intune, Azure AD Conditional Access, and Insider Risk Management.
  • Familiarity with regulatory frameworks such as GDPR, HIPAA, and NIST 800-53.

Work Environment

  • Hybrid or on-site depending on organizational needs.
  • On-call rotation may be required for critical incident response.
  • Required flexibility to work nights, weekends, and/or holiday shifts in the event of an incident response emergency.

Employers have access to artificial intelligence language tools ("AI") that help generate and enhance job descriptions, and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.