
Microsoft Security Incident Commander 
United States, Washington 
172889468

28.01.2025

As a Security Incident Commander, you will manage cybersecurity incidents driven by the Operations Hub. The Operations Hub is the centerpiece of the Defense Operations organization and is responsible for cybersecurity incident coordination, cross-organizational communications, oversight and monitoring across Defense Operations, and continuous improvement of Defense Operations processes.

With the continued evolution of the external threat landscape, Microsoft continues to be a prime target for a variety of threat actors and experiences an increasing number of attempts to breach its defenses. In this role, you will lead incident response coordination for high-complexity and large-scale security events. You will ensure incidents are managed by tracking the progress of incident response activities, so that response efforts proceed at pace with clear milestones defined, and so that risk and progress are communicated accurately to all relevant stakeholders.

Required Qualifications:

  • 3+ years of experience in coordinating any one of the following fields: modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), operations incident response, cybersecurity, IT operations, or governance roles with a focus on cybersecurity incident response or crisis management processes.
    • OR Bachelor's Degree in Statistics, Mathematics, Computer Science or related field.
  • Understanding of the incident response lifecycle, including the processes and technologies that assist with incident response.
  • Ability to design and implement operational processes and standards, along with analytical skills with the ability to synthesize multiple and complex threads, and collaboration skills to drive alignment across multiple teams and stakeholders and to keep executives informed and aware of important topics.

Other Requirements:

  • Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

  • This role will require access to information that is controlled for export under export control regulations, potentially under the U.S. International Traffic in Arms Regulations or Export Administration Regulations, the EU Dual Use Regulation, and/or other export control regulations. As a condition of employment, the successful candidate will be required to provide proof of citizenship, U.S. permanent residency, or other protected status (e.g., under 8 U.S.C. § 1324b(a)(3)) for assessment of eligibility to access the export-controlled information. To meet this legal requirement, and as a condition of employment, the successful candidate’s citizenship will be verified with a valid passport. Lawful permanent residents, refugees, and asylees may verify status using other documents, where applicable.

  • This position requires verification of citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, and as a condition of employment, the successful candidate’s citizenship will be verified with a valid passport.

Preferred Qualifications:

  • Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field, or equivalent experience.
  • 3+ years of experience in incident response, incident management, or cybersecurity operations.
  • Strong understanding of cybersecurity frameworks (e.g., NIST, MITRE ATT&CK) and best practices.
  • Exceptional organizational and coordination skills, with the ability to prioritize tasks and manage multiple incidents simultaneously.
  • Previous experience working in high-scale, cloud architecture environments.
  • Proven ability to operate effectively in high-pressure environments with a sense of urgency and accountability.
  • Excellent verbal and written communication skills, including the ability to distill complex information for diverse audiences.
  • Strong problem-solving and decision-making abilities, with a focus on driving resolution and minimizing impact.
  • Experience working within a large, complex enterprise environment or with global incident response teams.
  • Familiarity with incident management tools, SIEM platforms, or case management systems.
  • Knowledge of cloud security principles and technologies (e.g., Azure, AWS, GCP).
  • Experience with post-incident analysis, including root cause analysis and implementation of corrective actions.
  • Experience in creating and delivering executive-level presentations and reports.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:

Microsoft will accept applications for the role until January 30, 2025.

Responsibilities

In this role, you will also handle communications in a timely manner with clear ownership and resolution, and drive continuous improvement to ensure our Cyber Defense Operations function is agile, efficient, and at the cutting edge of threats and challenges.


Core Responsibilities:

  • Continuously identify and engage the appropriate stakeholders throughout the entirety of a security incident, and facilitate or escalate decisions and critical blockers to leadership throughout the response, as needed to ensure that the security incident response is moving forward with appropriate pace.
  • Maintain the general response timeline and facts of the security incident throughout the response.
  • Assess escalated cases to confirm an incident's severity, risk, and impact using details outlined in established procedures.
  • Activate the incident response process outlined in formal procedures when the criteria are met.
  • Per the procedures outlined in formal playbooks.
  • Determine when and how to de-escalate the response by using the processes defined in formal documentation.
  • Participate in the development and implementation of standardized procedures for coordinating large-scale adversary cybersecurity incidents.
  • Build strong partnerships across defense, engineering, governance, compliance and security teams to enable timely incident coordination.
  • Participate in the creation of metrics and reporting to measure the effectiveness of incident coordination, identifying and addressing gaps or inefficiencies.
  • Identify process improvements, best practices, and automation opportunities to enhance the methods by which incidents are coordinated and related information is communicated across the organization.
  • Ensure alignment with broader cybersecurity strategies, compliance requirements, and industry standards.