Microsoft Senior Security Incident Response Specialist 

United States 

208987329

Required Qualification:

• Bachelor's Degree in Statistics, Mathematics, Computer Science or related field
  • OR 5+ years of experience in cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), and operations incident response with a focus on privacy and compliance.
    
• Experience with privacy-related regulations and standards such as PCI DSS, HIPAA, GDPR, etc.
• Experience with security information and event management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), and other security monitoring tools.
• Knowledge of data protection techniques and best practices for securing sensitive information.
  

Other Requirement:

• Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Preferred Qualifications:

• Required communication skills, with the ability to clearly articulate complex issues to both technical and non-technical audiences.
• Required leadership abilities, particularly in high-pressure situations.
• Detail-oriented with problem-solving and analytical skills.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:

Microsoft will accept applications for the role until September 17, 2024.

• Incident Assessment and Response:
  • Analyze security alerts and incidents, specifically identifying and assessing privacy-related risks and potential breaches involving PCI, PHI, and PII data.
  • Lead the response to privacy-related incidents, ensuring appropriate containment, eradication, and recovery efforts are executed.
  • Document and report on incident findings, providing actionable insights for improving security posture.
• Compliance and Regulatory Oversight:
  • Ensure compliance with relevant laws and regulations, including but not limited to PCI DSS (Payment Card Industry Data Security Standard), HIPAA (Health Insurance Portability and Accountability Act), GDPR (General Data Protection Regulation), and other applicable privacy frameworks.
  • Maintain up-to-date knowledge of compliance requirements and industry best practices related to the handling and protection of sensitive data.
  • Collaborate with legal and compliance teams to align incident response processes with regulatory obligations.
• Communication and Coordination:
  • Serve as the primary point of contact during privacy-related incidents, providing clear, accurate, and timely communication to stakeholders.
  • Prepare and deliver incident reports to senior leadership, legal, compliance, and other relevant teams.
  • Coordinate with other SOC (Security Operations Center) analysts, IT teams, and third-party vendors as necessary to ensure an effective response to incidents.
• Continuous Improvement:
  • Participate in post-incident reviews and contribute to the development of playbooks and standard operating procedures (SOPs) for privacy-related incidents.
  • Identify gaps in security controls and make recommendations for improvements.
  • Conduct training and awareness sessions for SOC team members and other stakeholders on privacy-related topics.
• Threat Intelligence and Monitoring:
  • Monitor threat intelligence feeds and other sources to identify emerging privacy threats and vulnerabilities.
  • Proactively hunt for indicators of compromise (IOCs) related to PCI, PHI, and PII within the environment.