Microsoft Cybersecurity Incident Response Team Lead 

Australia 

241330752

The Team Lead plays a vital role in responding to major cybersecurity incidents. They guide multi-functional teams through the incident response process, ensuring a balance between speed of recovery, evidence preservation, and security of the restoration process. As a Lead Investigator, you’ll operate like the conductor of an orchestra, coordinating actions and adapting quickly to complex situations.

Minimum required qualifications

• Doctorate in Statistics, Mathematics, Computer Science, or related field OR 7+ years in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection.
• 3+ years in cybersecurity incident response investigation.
• 7+ years in consulting.
• Security certifications: OSCP, CISSP, SANs, or SC from Microsoft.
• Effective delivery of complex technical discussions to various customer levels.
• Experience in evidence collection, chain of custody, evidence storage, analysis, and reporting.
• Eligibility or active government security clearance.

• Elevates findings to address and mitigate issues.
• Balances dissemination value with the risk of divulging techniques.
• Collaborates to incorporate findings into future designs and analyses.
• Leads data quality efforts for timely and consistent data access.
• Cleans, structures, and standardizes data sources.
• Schedules analysis for multiple feature areas.
• Develops guidelines, models, and best practices to avoid common issues.
• Architects solutions and automation for security issues.
• Drives development of guidance and education from security resolutions.
• Advocates for key security issues and mitigations.
• Promotes security practices across the company.
• Leads postmortem and root-cause analyses for complex issues.
• Ensures best practices for security architecture, design, and development.
• Leads incident response efforts during cybersecurity incidents.
• Identifies gaps and requests resources to fill them.
• Coordinates with teams to ensure timely and complete engagement.
• Balances rapid recovery with data collection and evidence preservation.
• Manages large-scale incidents with global team collaboration.
• Applies MITRE Attack Framework and OSI Model.
• Embodies company culture and values.