Cyber Security Incident Response Lead jobs in United States
info-icon
This job has closed.
company-logo

Microsoft · 18 hours ago

Cyber Security Incident Response Lead

positionUnited States
timeFull-time
remoteRemote
senioritySenior Level, Lead/Staff
money$120K/yr - $235K/yr
date8+ years exp

Microsoft is a global leader in technology, and they are seeking a Cyber Security Incident Response Lead to join their Detection and Response Team (DART). This role involves leading incident response efforts, managing complex cybersecurity investigations, and communicating findings to various stakeholders, including executive teams.

Agentic AIApplication Performance ManagementArtificial Intelligence (AI)Business DevelopmentDevOpsInformation ServicesInformation TechnologyManagement Information SystemsNetwork SecuritySoftware
check
Growth OpportunitiesbadNo H1BnoteU.S. Citizen Onlynote

Responsibilities

Contextualizing and prioritizing findings to put together a comprehensive account and briefing of the events that transpired during a security incident
Pulling together multiple disparate events to build and communicate a cohesive timeline of activity
Collaborating with stakeholders at every level of the business, including legal, compliance, cybersecurity, engineering, and executive functions
Communicating key objectives and results with clarity and context
Managing all of the complexities of large-scale cybersecurity investigations for global multi-national organizations, serving as the primary point of contact
Leading research and analysis of security threats, and sharing findings across the team
Identifying, conducting, and supporting others in conducting research into critical security areas, such as current attacks, adversary tracking, and academic literature
Analyzing complex issues using multiple data sources to develop insights and identify security problems and threats. Creating new solutions to mitigate security issues
Recommending prioritization and validation methods for technical indicators, developing tools to automate analyses
Leads efforts to clean, structure, and standardize data and data sources; leads data quality efforts to ensure timely and consistent access to data sources
Developing written content for publication on Microsoft blog platforms
Developing presentations for delivery at internal and external conferences
Use the unique experiences of Microsoft Incident Response to create unique storytelling moments
Lead from the front by ideating, mentoring, and supporting thought leadership efforts across the team
Completing operational tasks and readiness with timeliness and accuracy
Following Microsoft policies, compliance, and procedures (e.g., Enterprise Services Authorization Policy, Standards of Business Conduct, labor logging, expenses, travel guidelines)
Leading by example and guiding team members on operational tasks, readiness, and compliance

Qualification

CybersecurityIncident Response LeadershipThreat AnalysisEvidence CollectionSecurity CertificationsLarge-scale ComputingVulnerability ResearchAnalytical SkillsCritical ThinkingDocumentation SkillsCommunication Skills

Required

Doctorate in Computer Science, Computer Security, or related field
OR Master's Degree in Computer Science, Computer Security, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
OR Bachelor's Degree in Computer Science, Computer Security, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
OR equivalent experience
Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud Background Check upon hire/transfer and every two years thereafter

Preferred

Doctorate in Computer Science, Computer Security, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
OR Master's Degree in Computer Science, Computer Security, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
OR Bachelor's Degree in Computer Science, Computer Security, or related field AND 8+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
OR equivalent experience
Security Certifications in any of the following: OSCP, CISSP, SANS Certifications, SC Certifications from Microsoft
Experience working with methods utilized for evidence collection, maintenance of chain of custody and associated documentation, evidence storage and analysis, and evidentiary reporting
Eligibility to obtain or currently active government security clearance
Incident Response Leadership: Experience in high pressure incident response environments where customers are experiencing a potentially business-ending event and your evidence-driven plans of action dictate their next steps. This skill set should include but is not limited to: Lead and manage high-profile incident response efforts for some of the world's largest businesses, Coordinate and lead all key stakeholders as the primary point of contact for major incidents. This could include technical teams, executives, consultants, and partners, Identify gaps early in the engagement process and request appropriate resources to fill those gaps, Balance the need for rapid recovery with data collection and evidence preservation, Direct activities to secure Enterprise-scale environments and assess potential data exfiltration or data collection, Management of large scale incidents in a follow-the-sun format working with fellow team members from across the globe, Contextual application of MITRE Attack Framework and or OSI Model, Delivery of complex and technical discussions effectively to customer representatives of varying levels

Company

Microsoft

twittertwittertwitter
Glassdoor4.3
company-logo
Microsoft is a software corporation that develops, manufactures, licenses, supports, and sells a range of software products and services.
dateFounded in 1975
location
Redmond, Washington, USA
people-size10001+ employees
web-link
https://www.microsoft.com

Funding

Current Stage
Public Company
Total Funding
$1M
Key Investors
Technology Venture Investors
2022-12-09Post Ipo Equity
1986-03-13IPO
1981-09-01Series Unknown· $1M

Leadership Team

leader-logo
Satya Nadella
Chairman and CEO
linkedin
leader-logo
Vukani Mngxati
Chief Executive Officer - Microsft South Africa
linkedin

Recent News

Sherwood News
Here’s a rundown of the AI-powered humanoid robots that tech companies want to be your new roommates
2026-01-16
Cult of Mac
Today in Apple history: Bill Gates quits as Microsoft CEO
2026-01-16
Morningstar.com
Utilities Up on Demand Optimism — Utilities Roundup
2026-01-16
Company data provided by crunchbase