Microsoft Security Operations Engineering 

Taiwan, Taoyuan City 

151492806

With the continued evolution of the external threat landscape, Microsoft continues to be a prime target for a variety of threat actors and experiences an increasing number of attempts to breach its defenses. In this role, you will lead cross-functional incident response coordination for high complexity and large-scale security events. You will be ensuring incidents are managed effectively, by tracking the progress of incident response activities so that response efforts move at pace with clear milestones defined, and risk and progress is communicated accurately to all relevant stakeholders.

Preferred Qualifications:

• Previous experience working in high scale, cloud architecture environments Proven ability to operate effectively in high-pressure environments with a sense of urgency and accountability. Excellent verbal and written communication skills, including the ability to distill complex information for diverse audiences.
• Strong problem-solving and decision-making abilities, with a focus on driving resolution and minimizing impact. Experience working within a large, complex enterprise environment or with global incident response teams.
• Familiarity with incident management tools, SIEM platforms, or case management systems. Knowledge of cloud security principles and technologies (e.g., Azure, AWS, GCP). Experience with post-incident analysis, including root cause analysis and implementation of corrective actions.
• Proficiency in creating and delivering executive-level presentations and reports

Core Responsibilities:

• Continuously identify and engage the appropriate stakeholders throughout the entirety of a security incident and ensure stakeholder teams are operating according to their Service-Level Agreements (SLAs).
• Facilitate or escalate decisions and critical blockers to leadership throughout the response, as needed to ensure that the security incident response is moving forward with appropriate pace Maintain the general response timeline and facts of the security incident throughout response events.
• Assess escalated cases to confirm an incident’s severity, risk, and impact using details outlined in established procedures. Activate the incident response process outlined in formal procedures when the criteria are met.
• Lead Security Incident Response Team meetings per the procedures outlined in formal playbooks. Determine when and how to de-escalate the response by using the processes defined in formal documentation. Participate in the development and implementation of standardized procedures for coordinating large-scale adversary cybersecurity.
• Build strong partnerships across defense, engineering, governance, compliance and security teams to enable timely incident coordination.
• Participate in the creation of metrics and reporting to measure the effectiveness of incident coordination, identifying and addressing gaps or inefficiencies.  Participate process improvements, best practices, and automation opportunities to enhance the methods by which incidents are coordinated and related information is communicated across the organization.
• Ensure alignment with broader cybersecurity strategies, compliance requirements, and industry standards.  In this role, you will also handle communications in a timely manner with clear ownership and resolution and to drive continuous improvement to ensure our Cyber Defense Operation function remains agile, efficient, and at the cutting edge of threats and challenges.