Microsoft Cybersecurity Incident Response Team Lead 

United States 

679402354

The Team Lead plays a vital role in responding to major cybersecurity incidents. They guide multi-functional teams through the incident response process, ensuring a balance between speed of recovery, evidence preservation, and security of the restoration process. As a Lead Investigator, you’ll operate like the conductor of an orchestra, coordinating actions and adapting quickly to complex situations.

Required/Minimum Qualifications

• Doctorate in Statistics, Mathematics, Computer Science or related field OR 7+ years experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection.
• 3+ years cybersecurity Incident response investigation experience.
• 7+ years consulting experience.

Additional or Preferred Qualifications

• Doctorate in Statistics, Mathematics, Computer Science or related field OR 8+ years experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection.
• Security Certifications in any of the following: OSCP, CISSP, SANs Certifications. Or SC Certifications from Microsoft.
• Delivery of complex and technical discussions effectively to customer representatives of varying levels - from deep environment and platform technical considerations, through to communicating the effective impact and outcome of security posture recommendations to to be consumed both at the executive and technical practitioner level.
• Experience working with methods utilized for evidence collection, maintenance of chain of custody and associated documentation, evidence storage and analysis, and evidentiary reporting.
• Eligibility or currently active government security clearance

Ability to meet Microsoft, customer and / or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud Background Check upon hire / transfer and every two years thereafter.

• Elevates findings appropriately to address and mitigate issues.
• Balances value of dissemination over risk of divulging techniques.
• Works with others to incorporate findings into future designs and analyses (e.g. creates working groups).
• Leads data quality efforts to ensure timely and consistent access to data sources.
• Leads efforts to clean, structure, and standardize data and data sources.
• Creates a schedule for analysis of multiple feature areas.
• Develops guidelines, models, and best practices to enable teams to avoid common patterns of issues.
• Architects solutions across multiple teams and organizations, and automation related to specific kinds of security issues (e.g., signature detection, malware, threat analysis, reverse engineering).
• Drives the development of guidance and education that result from resolution of security issues.
• Advocates for key security issues and mitigations to teams and upper management.
• Evangelizes security practices across the company.
• Applies subject matter expertise and leads postmortem and root-cause analyses for complex and/or large-scale, live site issues to create repair items, specifies tools and systems that support incident management, and mitigates and resolves issues across organizations.
• Ensures best practices for security architecture, design, and development are in place.
• Incident Response Leadership: Experience in high pressure incident response environments where customers are experiencing a potentially business-ending event and your evidence-driven plans of action dictate their next steps.
• Lead and manage incident response efforts during cybersecurity incidents by clearly understanding customer requirements
• Identify gaps early in the engagement process and request appropriate resources to fill those gaps.
• Coordinate with technical teams, consultants, and partners to orchestrate an appropriate response and ensure the engagement is completed on time to provide the most complete engagement for the customer.
• Balance the need for rapid recovery with data collection and evidence preservation.
• Direct activities to secure the environment and assess potential data theft
• Management of large scale incidents in a follow-the-sun format working with fellow team members from across the globe.
• Contextual application of MITRE Attack Framework and or OSI Model.
• Embody our