Senior Security Incident Responder @ Microsoft | Jobright.ai
Microsoft · 2 days ago

Senior Security Incident Responder

Responsibilities

Lead and coordinate the response to and recovery from information security incidents, and manage the function's related business processes
Work closely with investigators and security engineering across M365 (e.g. Office ATP (Advanced Threat Protection), Office 365, AAD (Azure Active Directory) and Microsoft Defender), as well as across Microsoft Security (Azure, Corporate Security, etc.) to protect customers and Microsoft.
Build relationships with key stakeholders across the division that can improve our security practices and response capabilities.
Manage activities across all issues throughout the incident lifecycle.
Collaborate with researchers, coordinators, and engineers to improve the protection, detection, and response capabilities of the products.
Innovate processes, create strategies and work with partner teams to promote efficiency and standardization.
Ensure excellence through regular training and learnings.
Drive learnings into our products to protect all our customers.

Qualification

Software Development, Large-Scale Computing, Modeling, Cyber Security, Anomaly Detection, Security Operations Center (SOC) Detection, Threat Analytics, Security Information and Event Management (SIEM), Information Technology (IT) Operations, Incident Response, Information Security Incident Handling, Security Operations, Triage of Security Vulnerabilities, Product Response, Service Response, Microsoft Security Screening, Software Engineering, Cloud Technologies, Operating Systems, Attack Vectors, Threat Tactics, Detection Technologies, Data Analytics, Big Data, OS Security, Security Investigations, Kill-Chain Model, Red Team Tactics

Required

5+ years of experience in the software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security information and event management (SIEM), information technology (IT), and operations incident response
OR Bachelor's Degree in Statistics, Mathematics, Computer Science or related field
5+ years of experience in information security incident handling and/or security operations
Experience triaging security vulnerabilities and driving product and/or service response
Ability to meet Microsoft, customer and/or government security screening requirements is required for this role

Preferred

Experience working in a high-pressure environment while maintaining focus and a professional approach
Experience communicating complex and technical issues to diverse audiences, orally and in-writing, in an easily understood, authoritative, and actionable manner
Experience with large scale and complex incidents of all types, including APT (Advanced Persistent Threat), DDoS (Distributed Denial of Service), malicious insider, web and mobile applications, and data exfiltration
Foundational knowledge in software engineering and/or cloud technologies including: cloud services, hardware, networking, architecture, protocols, file systems, and operating systems
Understanding of various attack vectors, threat tactics and attacker techniques, including APTs, malware, DDoS, exploits, etc.
Desire to work in a continuous learning environment where responsibilities are matrixed across various peer teams, and where new challenges arrive each day that need to be solved with innovative thinking
Understanding of Advanced Persistent Threats (APTs) and their associated tactics, targeted attacks, various credential compromise techniques, etc.
Familiarity with various attack and detection frameworks such as MITRE ATT&CK and the Diamond Model
Ability to work effectively in ambiguous situations and respond favorably to change
Knowledge in detection technologies and methodologies
Deep and practical OS (Operating System) security/internals knowledge
Experience working on security investigations in cloud services, with an understanding of the nuances of supporting cloud service investigations versus host/endpoint-based investigations
Experience in dealing with big data problems and excellent skills in data analytics with a focus on security
Excellent interpersonal skills
Good knowledge of the kill-chain model, the ATT&CK (Adversarial Tactics, Techniques and Common Knowledge) framework, and modern red team tactics and techniques
You will be working closely with other product group engineers across Microsoft as well as customer engineers and system administrators, so effective communication skills and situational awareness are needed
Certifications including, but not limited to, any of the following are a plus: GCIA, GSLC, GCIH, CISM, CISSP, CEH, etc.

Company

Microsoft

Microsoft is a software corporation that develops, manufactures, licenses, supports, and sells a range of software products and services.

Funding

Current Stage
Public Company
Total Funding
$1M
Key Investors
Technology Venture Investors
2024-01-02 Undisclosed · Undisclosed
2022-12-09 Post IPO Equity · Undisclosed
1986-03-13 IPO · nasdaq:MSFT

Leadership Team

Clare Barclay
Chief Executive Officer, Microsoft UK
Helene Barnekow
CEO Microsoft Sweden
Company data provided by crunchbase