Incident Response Analyst (Microsoft Azure Sentinel/Defender)

Optomi • United States
Join a growing internal security team as an Incident Response Analyst, leveraging Microsoft security ecosystem expertise to expand into Incident Response, Threat Hunting, and Threat Intelligence.


Job Description


Incident Response Analyst (MS Azure Sentinel/Defender) - Hybrid in Charlotte, NC*


Optomi, in partnership with a client in the financial services space, is looking to add an Incident Response Analyst to their growing team! We are seeking a Cybersecurity Analyst with strong experience in the Microsoft security ecosystem to join a growing internal security team.


This role is ideal for someone who is hands-on in Microsoft Defender, Sentinel, Azure/Entra, and KQL, and wants to expand their career into Incident Response, Threat Hunting, and Threat Intelligence over time.


*The team is open to candidates starting fully remote, with the expectation of relocating to the Charlotte area in the future. A relocation package is negotiable.


What You’ll Do

  • Investigate security alerts across Microsoft Defender (Endpoint, Identity, Email) and Sentinel
  • Write and modify basic KQL queries to analyze user, endpoint, and cloud activity
  • Pivot across logs to understand what happened before and after an alert
  • Analyze phishing emails, attachments, URLs, and mailbox activity
  • Support containment efforts during escalated investigations
  • Collaborate with team members on incident response activities
  • Participate in on-call and rotational security responsibilities


Growth Path - This role offers a clear path into:

  • Incident Response (IR) ownership
  • Threat Hunting across Microsoft telemetry
  • Threat Intelligence (CTI) exposure and enrichment
  • Participation in evolving playbooks and security process maturity


If you are strong technically and eager to deepen your investigative and response skill set, this team will invest in your development.


What We’re Looking For

  • 3-6 years of experience in cybersecurity, SOC, or detection-focused roles
  • Hands-on experience with Microsoft Defender (Endpoint, Identity, Email), Microsoft Sentinel, Azure / Entra ID, and KQL (basic to intermediate query writing)
  • Ability to interpret query results and explain what the data means
  • Strong analytical thinking, not just alert resolution
  • Comfortable asking questions and collaborating with senior team members
  • Calm, methodical approach to problem-solving


Nice to Have

  • Exposure to incident response or containment procedures
  • Threat hunting experience
  • Familiarity with regulated environments (PCI, PHI, etc.)


Why This Role

  • Opportunity to grow into IR, Threat Hunting, and Threat Intelligence
  • High-impact work within a Microsoft-first environment
  • Collaborative, low-ego team culture
  • Clear development runway within a maturing internal security program
