Sr Incident Response Analyst - Hybrid in Charlotte, NC
Optomi, in partnership with a client in the financial services space, is looking to add a Senior Incident Response Analyst to their growing team! The Incident Response Analyst will join an internal security team responsible for handling escalated security events across a Microsoft-centric environment. This role sits between Incident Response, senior SOC analysis, and threat investigation, and is designed for someone who understands both urgency and precision when incidents matter most.
This is not a Tier 1 SOC role. You will be the last line of defense when alerts are escalated and judgment, analysis, and calm decision-making are critical.
What You’ll Do
- Investigate and respond to escalated security incidents across endpoint, identity, email, and cloud environments
- Analyze and pivot across Microsoft Defender XDR, Sentinel, and Exchange data sources
- Perform detailed analysis of phishing and email-borne attacks:
  - Detonating attachments and URLs
  - Tracing delivery, user interaction, and impact
  - Identifying and blocking related activity across the environment
- Interpret KQL query results to identify red flags, anomalies, and next investigative steps
- Collaborate with threat intelligence, threat hunting, and SOC teams during investigations
- Collect artifacts, support containment efforts, and contribute to incident escalation decisions
- Participate in on-call and incident response rotations
- Contribute to incident documentation, lessons learned, and process improvement
What We’re Looking For
- Experience in Incident Response or senior-level SOC roles handling real security incidents
- Strong familiarity with the Microsoft security ecosystem, including:
  - Microsoft Sentinel
  - Microsoft Defender (XDR, Endpoint, Identity, Email)
  - Exchange / email security workflows
- Ability to interpret KQL results and understand what is and is not important in the data
- Experience analyzing phishing attacks, malicious payloads, and credential-harvesting activity
- Comfort pivoting across multiple data sources during an investigation
- Strong analytical thinking — you don’t jump to conclusions or rely on guesswork
- Willingness to say “I don’t know” when appropriate and collaborate with teammates to find the right answer
- Calm, methodical approach under pressure and a strong sense of urgency when incidents escalate
Nice to Have
- Experience working in regulated environments (PCI DSS, HIPAA/PHI, financial services, etc.)
- Exposure to threat intelligence feeds and OSINT
- Prior experience in environments transitioning from MSSP-led SOCs to internal IR teams
- Threat hunting or detection engineering exposure