SOC Analyst & Incident Response Lead

About Avaya

Avaya is an enterprise software leader that helps the world’s largest organizations and government agencies forge unbreakable connections.

The Avaya Infinity™ platform unifies fragmented customer experiences, connecting the channels, insights, technologies, and workflows that together create enduring customer and employee relationships.

We believe success is built through strong connections – with each other, with our work, and with our mission. At Avaya, you'll find a community that values your contributions and supports your growth every step of the way.

Learn more at https://www.avaya.com

Job Information

Job Code: 00270114

Job Family: Information Technology

Job Function: Information Security

Job Description

We are seeking a highly skilled and experienced Tier 3 SOC Analyst who will also function as the Incident Response Lead. This is a hybrid technical-leadership position focused on managing critical security events, conducting forensic investigations, and continuously enhancing the incident response program. As a senior member of the SOC, you will be the escalation point for complex and high-impact security incidents, support forensic analysis, lead root cause investigations, and contribute to detection engineering efforts. 

Key Responsibilities 

Tier 3 SOC Analyst Duties 

• Act as the final escalation point for complex security alerts and incidents identified through Azure Sentinel and other security monitoring tools. 

• Conduct in-depth digital forensic investigations across endpoints, networks, and cloud infrastructure (Azure, M365, Microsoft Dynamics etc.). 

• Perform malware analysis, reverse engineering, and memory/disk analysis to support incident triage and response. 

• Provide expert-level guidance to Tier 1 and Tier 2 SOC analysts; coach and mentor to raise team capabilities. 

• Correlate threat intelligence with incident data to understand adversary behavior and campaign objectives. 

• Collaborate with SIEM engineers to tune, develop, and optimize detection use cases, particularly for emerging threats. 

• Maintain documentation of playbooks, threat scenarios, and incident patterns. 

• Assist in management of suite of security tools. 

Incident Response Lead Duties 

• Lead and coordinate the end-to-end incident response lifecycle, from detection through containment, eradication, and recovery. 

• Own and maintain IR documentation including incident tracking, timelines, RCA, and after-action reports. 

• Liaise with the CSIRT team and relevant business stakeholders during critical incidents. 

• Lead post-incident reviews and facilitate lessons learned workshops, contributing to policy, procedure, and control improvements. 

• Drive continuous process improvement across SOC and IR operations, ensuring integration with change and problem management. 

• Ensure executive-level incident reporting and briefings are prepared and delivered as needed. 

Qualifications

Required 

• 5+ years of experience in a Security Operations Center or Incident Response role. 

• Proven experience leading major incident response efforts (e.g., ransomware, APT, data breaches). 

• Strong forensic analysis skills (disk, memory, log, and network forensics). 

• Advanced proficiency in SIEM platforms (preferably Microsoft Sentinel), EDR tools (Defender for Endpoint), and forensic toolsets. 

• Understanding of attacker TTPs mapped to MITRE ATT&CK and threat hunting methodologies. 

• Hands-on experience with scripting and automation (e.g., PowerShell, Python) to streamline investigations and response. 

• Knowledge of security controls, network protocols, operating systems, and cloud environments (Azure). 

• Strong communication skills and ability to present technical findings to non-technical stakeholders. 

• Must be available to work outside of working hours when necessary.

Desirable Certifications 

• GIAC Certified Forensic Analyst (GCFA) or GIAC Certified Incident Handler (GCIH) 

• CISSP, OSCP, GCIA, or equivalent 

• Microsoft certifications: SC-200, SC-300, AZ-500 

Key Competencies 

• Calm and decisive under pressure 

• Analytical and detail-oriented 

• Strong leadership and collaboration skills 

• Proactive approach to process optimization and threat mitigation 

• Passion for continuous learning and capability development

The pay range for this opportunity is from $93,000 to $125,500 + bonus potential + benefits.  This range represents the anticipated low and high end of the salary for this position. Actual salaries will vary and are based on factors such as a candidate’s qualifications, skills, competencies.

#LI-CS1

Experience

Education

Preferred Certifications

Footer

Applicants must be currently authorized to work in the United States without the need for visa sponsorship now or in the future.

Avaya is an Equal Opportunity employer and a U.S. Federal Contractor. Our commitment to equality is a core value of Avaya. All qualified applicants and employees receive equal treatment without consideration for race, religion, sex, age, sexual orientation, gender identity, national origin, disability, status as a protected veteran or any other protected characteristic. In general, positions at Avaya require the ability to communicate and use office technology effectively. Physical requirements may vary by assigned work location. This job brief/description is subject to change. Nothing in this job description restricts Avaya right to alter the duties and responsibilities of this position at any time for any reason.