o 5+ years of hands-on incident response experience
o Deep expertise in Microsoft Purview (especially DLP, classification taxonomy, restricted policies)
o Strong experience with QRadar and Azure SIEM (including tuning and threat analysis)
o Proficiency in KQL (Kusto Query Language)
o Ability to write and implement technical policies and controls
o Experience working with MSSPs (especially ReliaQuest)
o Experience building or managing SOCs
o Ability to develop and manage KPIs and SLAs for security monitoring
o Strong communication skills with executive stakeholders
o Familiarity with incident response metrics (e.g., incidents/day, resolution time, SLA adherence)
o Experience leading and/or mentoring a team
We are a company committed to creating inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity employer that believes everyone matters. Qualified candidates will receive consideration for employment opportunities without regard to race, religion, sex, age, marital status, national origin, sexual orientation, citizenship status, disability, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to the Human Resources Request Form. The EEOC "Know Your Rights" Poster is available here.
To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.
o This role will lead hands-on incident response activities, including SIEM alert tuning, threat detection, and escalation management, in collaboration with the current MSSP (ReliaQuest). The candidate will work extensively with Microsoft Purview (especially DLP), QRadar, and Azure SIEM, write technical controls and policies, and refine data classification taxonomies to meet audit and compliance needs. They will use KQL for SIEM queries and manage threat detection metrics such as incident volume, resolution time, and SLA adherence. The role involves direct engagement with senior leadership to drive strategic initiatives. By mid-2026, this person is expected to help build and staff a new 24x7 SOC, transitioning away from MSSP dependency, and will be responsible for developing KPIs and SLAs for SOC operations. This is a high-impact role with visibility across executive teams and a strong emphasis on technical execution, strategic planning, and AI/ML integration for incident response.
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.