What are the responsibilities and job description for the SOC/Incident Response (IR) Lead Analyst position at Staffing Company?
Job title: SOC/Incident Response (IR) Lead Analyst
Duration: Contract to hire
Location: Fort Worth, TX (Hybrid)
Work Schedule: Hybrid – 2–3 days onsite at Fort Worth and 1–2 days at Westlake per week
Job Description
· We are seeking a highly skilled and technically hands-on Onsite SOC/Incident Response (IR) Lead Analyst to join our client’s cybersecurity team in Fort Worth, TX.
· This role is critical in leading onsite incident response efforts and overseeing Security Operations Center (SOC) activities in coordination with a global cyber fusion center.
· The ideal candidate will have deep expertise in Microsoft security technologies and a proven track record in incident response and SOC operations.
Responsibilities:
· Lead and supervise daily SOC operations, ensuring timely and effective threat detection and response.
· Act as the primary onsite responder for cybersecurity incidents and alerts.
· Investigate, analyze, and contain security incidents using Microsoft Sentinel, Defender (MDE), and Purview DLP.
· Collaborate with remote SOC teams (L2/L3) to manage and escalate incidents.
· Review and tune alert rules and configurations to reduce false positives and improve detection accuracy.
· Conduct root cause analysis and post-incident reporting.
· Develop and maintain incident response plans and playbooks.
· Track and report on SOC KPIs, incident trends, and operational metrics.
· Provide security awareness training and guidance to internal stakeholders.
· Stay current with emerging threats, vulnerabilities, and regulatory requirements.
· Coordinate with IT, legal, and business teams during incident response and remediation efforts.
· Drive continuous improvement of SOC processes, tools, and maturity.
Qualifications:
· 5–10 years of experience in a professional SOC environment.
· Strong hands-on expertise in Microsoft security tools:
  · Microsoft Sentinel (SIEM)
  · Microsoft Defender for Endpoint (MDE)
  · Microsoft Purview DLP
· Proven experience in incident response and investigation using Microsoft tools.
· Experience managing and mentoring SOC analysts across global time zones.
· In-depth knowledge of cyber defense technologies: SIEM, SOAR, UEBA, TIP, ASM, EDR, NDR.
· Bachelor’s degree in Cybersecurity, Information Technology, or related field.
· Strong analytical, documentation, and communication skills.
· Must be able to work onsite at client locations in Fort Worth and Westlake, TX.
Certifications:
· Microsoft Certified: Security Operations Analyst Associate
· Microsoft Cybersecurity Architect (SC-100)
· GIAC Certified Incident Handler (GCIH) or equivalent
Important Note:
· This is a core technical role, not a managerial position.
· Candidates must have direct hands-on experience with any or all of the Microsoft tools: Sentinel, Defender, and DLP.
· No substitutions or similar tool experience will be accepted.
· Only submit candidates who meet all mandatory requirements and certifications (where applicable).