Senior Incident Response & Threat Management (Lead +4 Analysts)

This role is for a Senior Incident Response & Threat Management Lead in Charlotte, NC, on a contract basis. Requires 5+ years in cybersecurity, expertise in Microsoft Sentinel, and familiarity with MITRE ATT&CK. Microsoft or SANS certifications preferred.
🌎 - Country
United States
💱 - Currency
$ USD
💰 - Day rate
720
🗓️ - Date discovered
September 24, 2025
🕒 - Project duration
Unknown
🏝️ - Location type
On-site
📄 - Contract type
Unknown
🔒 - Security clearance
Unknown
📍 - Location detailed
Charlotte, NC
🧠 - Skills detailed
#Security #Defender #Cybersecurity #Leadership #Azure #Logic Apps #KQL (Kusto Query Language) #API (Application Programming Interface) #Graph API #Python #Compliance #AWS (Amazon Web Services) #Automation #Cloud #Scripting #GCP (Google Cloud Platform)
Role description
Job Title: Senior Incident Response & Threat Management (Lead/Analyst)
Location: Charlotte, NC
Employment Type: Contract with potential to hire through Robert Half
Compensation: Currently Market Rate
Positions: 1 Lead and 4 Direct Contributors

About the Role
Robert Half is seeking experienced cybersecurity professionals to join a high-performing Security Operations & Incident Response team. This opportunity is open to a total of five candidates at the Senior Analyst and Lead levels, depending on experience. You’ll play a critical role in defending against advanced cyber threats, leading incident investigations, and strengthening the organization’s security posture across hybrid environments.

This is a hands-on technical role where you’ll leverage tools like Microsoft Sentinel, Defender XDR, Purview, and advanced detection/forensics capabilities to respond to and proactively hunt threats. The Lead role will additionally provide team leadership, program maturity oversight, and executive-level communication.
What You’ll Do
• Lead or participate in the full lifecycle of cybersecurity incidents—from detection to containment, remediation, and post-incident review
• Conduct advanced threat analysis, threat hunting, detection engineering, and forensic investigations
• Develop, maintain, and automate playbooks and response workflows using Microsoft Sentinel, Logic Apps, and KQL
• Operationalize threat intelligence feeds and adversary tracking aligned with MITRE ATT&CK
• Implement and manage data protection and governance controls with Microsoft Purview
• Mentor junior analysts and collaborate across IT, SOC, compliance, legal, and executive teams
• Drive program maturity through metrics, dashboards, purple team exercises, and continuous improvements
• Support automation efforts using Microsoft Graph API, SOAR, and other security technologies

What You Bring
• 2+ years (Analyst) or 5+ years (Lead) in cybersecurity, with strong experience in incident response, threat intelligence, and/or digital forensics
• Hands-on expertise with Microsoft Sentinel, Defender XDR, KQL, and Microsoft 365 security solutions
• Familiarity with MITRE ATT&CK and NIST frameworks
• Strong analytical and problem-solving skills with the ability to communicate effectively to both technical and non-technical stakeholders
• Flexibility to participate in on-call rotations, nights/weekends, or holiday response if needed

Preferred Qualifications
• Microsoft certifications (SC-200, SC-300, SC-400) or SANS-GIAC certifications (GCIH, GCED, GCFE, GNFA, GCIA)
• Experience with Microsoft Intune, Insider Risk Management, and Azure AD Conditional Access
• Cloud security exposure (AWS, Azure, GCP), scripting (Python, PowerShell), or containerized environments