Job Description
5+ years of hands-on incident response experience
Deep expertise in Microsoft Purview (especially DLP, classification taxonomy, restricted policies)
Strong experience with QRadar and Azure SIEM (including tuning and threat analysis)
Proficiency in KQL (Kusto Query Language)
Ability to write and implement technical policies and controls
Experience working with MSSPs (especially ReliaQuest)
Experience building or managing SOCs
Ability to develop and manage KPIs and SLAs for security monitoring
Strong communication skills with executive stakeholders
Familiarity with incident response metrics (e.g., incidents/day, resolution time, SLA adherence)
Experience leading and/or mentoring a team
Skills and Requirements
This role will lead hands-on incident response activities, including SIEM alert tuning, threat detection, and escalation management in collaboration with the current MSSP (ReliaQuest). The candidate will work extensively with Microsoft Purview (especially DLP), QRadar, and Azure SIEM, writing technical controls and policies and refining data classification taxonomies to meet audit and compliance needs. They will use KQL for SIEM queries and manage threat detection metrics such as incident volume, resolution time, and SLA adherence. The role involves direct engagement with senior leadership to drive strategic initiatives. Eventually, in mid-2026, this person would help build and staff a new 24x7 SOC, transitioning away from MSSP dependency, and will be responsible for developing KPIs and SLAs for SOC operations. This is a high-impact role with visibility across executive teams and a strong emphasis on technical execution, strategic planning, and AI/ML integration for incident response.
Prior leadership in SOC build-outs
Experience defining KPIs and SLAs for SOC operations
Familiarity with generative AI security implications (e.g., ChatGPT-5/OpenAI)
Experience integrating AI/ML into threat detection