Incident Response Analyst (MS Azure Sentinel/Defender) - Hybrid in Charlotte, NC*
Optomi, in partnership with a client in the financial services space, is looking to add an Incident Response Analyst to their growing team! We are seeking a Cybersecurity Analyst with strong experience in the Microsoft security ecosystem to join a growing internal security team.
This role is ideal for someone who is hands-on in Microsoft Defender, Sentinel, Azure/Entra, and KQL, and wants to expand their career into Incident Response, Threat Hunting, and Threat Intelligence over time.
*The team is open to candidates starting fully remote, with the expectation of relocating to the Charlotte area in the future. A relocation package is negotiable.
What You’ll Do
- Investigate security alerts across Microsoft Defender (Endpoint, Identity, Email) and Sentinel
- Write and modify basic KQL queries to analyze user, endpoint, and cloud activity
- Pivot across logs to understand what happened before and after an alert
- Analyze phishing emails, attachments, URLs, and mailbox activity
- Support containment efforts during escalated investigations
- Collaborate with team members on incident response activities
- Participate in on-call and rotational security responsibilities
Growth Path - This role offers a clear path into:
- Incident Response (IR) ownership
- Threat Hunting across Microsoft telemetry
- Threat Intelligence (CTI) exposure and enrichment
- Participation in evolving playbooks and security process maturity
If you are strong technically and eager to deepen your investigative and response skill set, this team will invest in your development.
What We’re Looking For
- 3-6 years of experience in cybersecurity, SOC, or detection-focused roles
- Hands-on experience with Microsoft Defender (Endpoint, Identity, Email), Microsoft Sentinel, Azure / Entra ID, and KQL (basic to intermediate query writing)
- Ability to interpret query results and explain what the data means
- Strong analytical thinking, not just alert resolution
- Comfortable asking questions and collaborating with senior team members
- Calm, methodical approach to problem-solving
Nice to Have
- Exposure to incident response or containment procedures
- Threat hunting experience
- Familiarity with regulated environments (PCI, PHI, etc.)
Why This Role
- Opportunity to grow into IR, Threat Hunting, and Threat Intelligence
- High-impact work within a Microsoft-first environment
- Collaborative, low-ego team culture
- Clear development runway within a maturing internal security program