Microsoft Cybersecurity Infrastructure Engineer 

Netherlands, North Holland 

559645774

With over 18,000 employees worldwide, the Microsoft Customer Experience & Success (CE&S) organization is responsible for the strategy, design, and implementation of Microsoft’s end-to-end customer experience. Come join CE&S and help us build a future where customers come to us not only because we provide industry-leading products and services, but also because we provide a differentiated and connected customer experience.

The mission of the Microsoft Detection and Response Team (DART) part of CE&S is to empower organizations to combat cyber threats through intelligence-driven investigation and strategic mitigation, leveraging our expertise to safeguard digital assets. Our vision is to be the leading provider of expert incident response services, significantly reducing the time to investigate and neutralize threats, and fostering a resilient and secure digital future for all.

who aredata collection, response, containment, and recoverykey, ideally with experience in both on premises and cloud environments, along with the ability to communicate technical content with clarity and context, and good knowledge of nation state and cybercrime attack techniques. A desire to fail fast and learn quicklycritical, along with strong analytical and critical thinking skills.

should be able to conduct research into novel techniqueresponse and recovery

Required/Minimum Qualifications:

Degree in Statistics, Mathematics, Computer Science or related field ORin software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection.

In-depth knowledge of one or more of the following disciplines:

• Threat Actor containment during an incident, rapidrecovery of critical infrastructure(primarily Active Directory rebuild and restoration), andeviction of a Threat Actor after an investigation

• Active Directory and associated components (Kerberos, NTLM, Group Policy, Backup and Disaster Recovery, DNS, AD tiering models,gMSAs)

• Entra ID and associated components (Conditional Access, Multifactor Authentication, Passwordless Authentication, Privileged Identity Management, Identity Protection, Entra ID Connect)

• Azure Resource Management, Azure Infrastructure as a Service (IaaS), Role Based Access Controls (RBAC), Subscriptions, Resource Groups, Management Groups

• Proficiency in one or more query languages (KQL, SPL, SQL, etc.)

• Experience with large scale orchestration and deployment of software using Linux deployment tools such as Ansible, Chef, Puppet, etc.

• Strong knowledge of at least two or more of the following products in the Microsoft Defender suite

Additional or Preferred Qualifications:

• Experience in PowerShell and bash scripting

• Experience with third-party security products, including but not limited to, Splunk, CrowdStrike Falcon,QRadar, etc.

• Experience with Microsoft Public Key Infrastructure (PKI) implementations, Active Directory Federation Services (AD FS)

• Understanding and working knowledge of the Linux and MacOS platforms

• Experience with two or more of Microsoft’s portfolio of Artificial Intelligence (AI) products such as Security Copilot, Bing Copilot,GithubCopilot, Office Copilot and Windows Copilot

• Understanding of DevOps, concepts such as Version Control, Infrastructure as code, CI/CD Pipelines, Frameworks, Configuration Management and Continuous Monitoring.

• Experience with management of virtualization platforms such as Hyper-V, VMware, etc.

• Experience with IP network management including routing, firewalls, access control lists, DHCP, packet analysis, and troubleshooting network traffic flow

Technical Delivery

• Ability to contextualize and prioritizeadversary containment and recovery efforts across multiple workstreams

• ilitytoquickly build and execute a recovery planas a response to large-scale impactful incidents involving ransomwareand destructive adversarial campaigns

• forensic collection tooling across a wide range ofcomplexenvironments

• Identifying potential threats – allowing for proactive defence before an actual incident

• Providing recommendations to improve cybersecurity posture going forward

• Performing knowledge transfer to prepare customers to defend against today’s threat landscape

• ing, analyzing, and summarizingsecurity threatsand response capabilities,sharing

• ying, conducting, and supportingothers in conducting research into critical security areas, such as current attacks, adversary tracking, and academic literature

• ingand documentingnew solutions to mitigate security issues

• ingprioritization and validation methods for technical indicators, develops tools to automate analyses

• Leads efforts to clean, structure, and standardize data and data sources; leads data quality efforts to ensure timely and consistent access to data sources

Thought Leadership

This role includes the ability to be at the forefront of Microsoft Security thought leadership by:

• Developing written content for publication on Microsoft blog platforms

• Developing presentations for delivery at internal and external conferences

• Use the unique experiences of Microsoft Incident Response to create unique storytelling moments

Operational Excellence

Must be maintained by:

• ingoperational tasks and readinesswithtimeliness and accuracy.

• ingMicrosoft policies, compliance, and procedures (e.g., Enterprise Services Authorization Policy, Standards of Business Conduct, labor logging, expenses, travel guidelines).

• ingbyexample and guiding