Expoint - all jobs in one place


Microsoft Senior Security Incident Responder 
United States 
831554456

16.07.2024

Required/Minimum Qualifications:

  • 5+ years of experience in the software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security information and event management (SIEM), information technology (IT), and operations incident response
    • OR Bachelor's Degree in Statistics, Mathematics, Computer Science or a related field.
  • 5+ years of experience in information security incident handling and/or security operations.
  • Experience triaging security vulnerabilities and driving product and/or service response.

Other Requirements:

The ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:

Microsoft Cloud Background Check. This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

This position requires verification of citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, and as a condition of employment, the successful candidate’s citizenship will be verified with a valid passport.

Preferred/Additional Qualifications:

  • Experience working in a high-pressure environment while maintaining focus and a professional approach.
  • Experience communicating complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative, and actionable manner.
  • Experience with large-scale and complex incidents of all types, including APT (Advanced Persistent Threat), DDoS (Distributed Denial of Service), malicious insider, web and mobile application, and data exfiltration incidents.
  • Foundational knowledge of software engineering and/or cloud technologies, including cloud services, hardware, networking, architecture, protocols, file systems, and operating systems.
  • Understanding of various attack vectors, threat tactics and attacker techniques, such as APTs, malware, DDoS, and exploits.
  • Desire to work in a continuous-learning environment where responsibilities are matrixed across various peer teams, and where new challenges arrive each day that need to be solved with innovative thinking.
  • Understanding of Advanced Persistent Threats (APTs) and associated tactics, targeted attacks, various credential compromise techniques, etc.
  • Familiarity with attack and detection frameworks such as MITRE ATT&CK and the Diamond Model.
  • Ability to work effectively in ambiguous situations and respond favorably to change.
  • Knowledge of detection technologies and methodologies.
  • Deep and practical OS (Operating System) security/internals knowledge.
  • Experience working on security investigations in cloud services, and an understanding of the nuances of supporting cloud service investigations versus host/endpoint-based ones.
  • Experience dealing with big-data problems and excellent data analytics skills with a focus on security.
  • Excellent interpersonal skills.
  • Good knowledge of the kill-chain model, the ATT&CK (Adversarial Tactics, Techniques and Common Knowledge) framework, and modern red team tactics and techniques.
  • You will be working closely with other product group engineers across Microsoft as well as customer engineers and system administrators, so effective communication skills and situational awareness are needed.
  • Certifications including, but not limited to, any of the following are a plus: GCIA, GSLC, GCIH, CISM, CISSP, CEH, etc.

Certain roles may be eligible for benefits and other compensation.

Responsibilities

In this role you will work to help identify risks to the M365 business and customers. You will investigate and respond to issues, extract learnings from incidents, and partner with peers to improve prevention, detection, and response mechanisms in the future. Responsibilities include:

  • Lead and coordinate the response and recovery activities for information security incidents, and manage function-related business processes.
  • Work closely with investigators and security engineering across M365 (e.g. Office ATP (Advanced Threat Protection), Office 365, AAD (Azure Active Directory) and Microsoft Defender), as well as across Microsoft Security (Azure, Corporate Security, etc.) to protect customers and Microsoft.
  • Build relationships with key stakeholders across the division that can improve our security practices and response capabilities.
  • Manage activities across all issues throughout the incident lifecycle.
  • Collaborate with researchers, coordinators, and engineers to improve the protection, detection, and response capabilities of the products.
  • Innovate processes, create strategies and work with partner teams to promote efficiency and standardization.
  • Ensure excellence through regular training and lessons learned.
  • Drive learnings into our products to protect all our customers.
Other:
  • Embody our and