Octa1ne
SECURITY OPERATIONS

SOC Analyst — Tier 2

Remote
Full-Time
Senior

About the role

Lead the investigation and response to escalated security incidents across our client base. You will perform threat hunting, root cause analysis and forensic investigation — operating at the sharp end of our Security Operations Centre.

What you will do

Investigate and respond to escalated incidents from Tier 1 — owning each case to resolution
Conduct proactive threat hunting across client Microsoft environments using KQL
Perform root cause analysis and produce detailed post-incident reports
Develop and refine detection rules in Microsoft Sentinel and Wazuh
Mentor Tier 1 analysts and contribute to runbook development
Liaise directly with client technical teams during active incidents

What we are looking for

Proven experience in a Tier 2 SOC or incident response role
Strong proficiency with Microsoft Defender XDR and Microsoft Sentinel
Advanced KQL skills for threat hunting and detection engineering
Deep knowledge of MITRE ATT&CK and real-world adversary techniques
Experience with digital forensics and memory analysis
Microsoft SC-200 or AZ-500 certification

Nice to have

These are not required — but they will help your application stand out.

SANS GIAC certifications (GCIA, GCIH, GCFE)
Experience with SOAR playbook development
Malware analysis or reverse engineering background
Prior experience in managed security services

Applications reviewed on a rolling basis. We aim to respond within 5 business days.