Microsoft Cybersecurity Incident Response Team Lead 

United Kingdom, England 

333364021

the key point of contact anddecision makerYou will be. Strong knowledge ofall aspects oflarge-scale incident response managementis key along with strong leadership skills, ideally with experience in both on premises and cloud environmentshe ability to communicate technical content with clarity and contextis a priorityknowledge of nation state and cybercrime attack techniques. A desire to fail fast and learn quickly is critical, along with strong analytical and critical thinking skills.

Along withlead investigatorsshould be able tocome into contact with

Required/Minimum Qualifications:

• Degree in Statistics, Mathematics, Computer Science or related field OR experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection.

• Incident Response Leadership: Experiencein high pressure incident response environments where customers are experiencing a potentially business-ending event and your evidence-driven plans of action dictate their next steps.This skill set should include but is not limited to:

• Lead and managehigh-profileincident response efforts

• and lead all key stakeholders as the primary point of contact for major incidents. This could includetechnical teams,executives,consultants, and partners

• Identify gaps early in the engagement process and request appropriate resources to fill those gaps

• Balance the need for rapid recovery withdata collection andevidence preservation.

• Direct activities to secure Enterprise-scale environments and assess potential data exfiltration or data collection

• Management of large scale incidentsin a follow-the-sun format working with fellow team members from across the globe

• Contextual application of MITRE Attack Framework and or OSI Model.

• Delivery of complex and technical discussions effectively to customer representatives of varying levels

Additional or Preferred Qualifications

• Security Certifications in any of the following: OSCP, CISSP, SANSCertifications,SC Certifications from Microsoft.

• Experience working with methods utilized for evidence collection, maintenance of chain of custody and associated documentation, evidence storage and analysis, and evidentiary reporting.

• or currently activegovernment security clearance

Technical Delivery

• ontextualizingand prioritizingfindings to put together a comprehensive account and briefing of the events that transpired during a security incident

• together multiple disparate events to build and communicate a cohesive timeline of activity

• at every level of the business, includinglegal, compliance,cybersecurity, engineering, and executive functions

• Communicating key objectives and results with clarity and context

• all ofthe complexities of large-scale cybersecurity investigations for global multi-national organizations, serving as the primary point of contact

• Leading researchandanalysis ofsecurity threats,andsharingfindings

• ying, conducting, and supportingothers in conducting research into critical security areas, such as current attacks, adversary tracking, and academic literature

• ingcomplex issues using multiple data sources to develop insights and identify security problems and threats. Creatingnew solutions to mitigate security issues

• ingprioritization and validation methods for technical indicators, developingtools to automate analyses

• Leads efforts to clean, structure, and standardize data and data sources; leads data quality efforts to ensure timely and consistent access to data sources

Thought Leadership

This role includes the ability to be at the forefront of Microsoft Security thought leadership by:

• Developing written content for publication on Microsoft blog platforms

• Developing presentations for delivery at internal and external conferences

• Use the unique experiences of Microsoft Incident Response to create unique storytelling moments

• Lead from the front by ideating, mentoring, and supporting thought leadership efforts across the team

Operational Excellence

Must be maintained by:

• ingoperational tasks and readinesswithtimeliness and accuracy.

• ing

• ingbyexample and guiding