
Microsoft Corporation Senior Security Incident Responder in Multiple Locations, United States

The Microsoft Security Response Center is looking for a Senior Security Incident Responder to join the Microsoft 365 (M365) Security response team. Microsoft 365 brings together cloud-hosted offerings of our most trusted communications and collaboration services (like Exchange, SharePoint, Teams, and more!) with our cross-platform desktop and mobile clients. Our customers depend on our services to achieve success in their organizations, whether it be a Fortune 100, small business, non-profit, educational institution, or the US Government. Our customers trust us with their most critical data, and we honor that trust with continuous investment and improvement in the security of our services.

There are few places in Microsoft that have a direct impact on as many customers as our M365 Security Response team where you will coordinate response to the most critical security and privacy issues facing the business and our customers. When you read in the news about hackers; when the integrity of our cloud is at stake; or when a zero-day exploit is being used to attack customers, the Security Incident Response team works across the division to rapidly defend Microsoft 365 services and its customers against these threats.

The opportunity for leadership that accompanies this individual contributor position is unique. You will lead highly technical forensic investigations, coordinate security response activities, and make key risk decisions in an overall effort to protect Microsoft and our customers. With limited information, you will regularly connect with senior leaders in the company, make high-stakes decisions with executive visibility on extremely short timelines. Interpersonal awareness, attention to detail, and the ability to foster cooperation and trust across teams are key to success in this role. Candidates should have a deep foundation in security with a proven track record in managing risk.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

Responsibilities

In this role you will work to help identify risks to the M365 business and customers. You will investigate and respond to issues, extract learnings from incidents, and partner with peers to improve prevention, detection, and response mechanisms in the future. Responsibilities include:

  • Lead and coordinate the response and recovery activities from information security incidents, and manage function-related business processes

  • Work closely with investigators and security engineering across M365 (e.g. Office ATP (Advanced Threat Protection), Office 365, AAD (Azure Active Directory) and Microsoft Defender), as well as across Microsoft Security (Azure, Corporate Security, etc.) to protect customers and Microsoft.

  • Build relationships with key stakeholders across the division that can improve our security practices and response capabilities.

  • Manage activities across all issues throughout the incident lifecycle.

  • Collaborate with researchers, coordinators, and engineers to improve the protection, detection, and response capabilities of the products.

  • Innovate processes, create strategies and work with partner teams to promote efficiency and standardization.

  • Ensure excellence through regular training and learnings.

  • Drive learnings into our products to protect all our customers.

Other:

  • Embody our Culture (https://www.microsoft.com/en-us/about/corporate-values) and Values (https://careers.microsoft.com/us/en/culture)

Qualifications

Required/Minimum Qualifications:

  • 5+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), and operations incident response

  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science or related field.

  • 5+ years of experience in information security incident handling and/or security operations.

  • Experience triaging security vulnerabilities and driving product and/or service response.

Other Requirements:

Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:

Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Citizenship & Citizenship Verification: This position requires verification of citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, and as a condition of employment, the successful candidate’s citizenship will be verified with a valid passport.

Preferred/Additional Qualifications:

  • Experience working in a high-pressure environment while maintaining focus and a professional approach.

  • Experience communicating complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative, and actionable manner.

  • Experience with large scale and complex incidents of all types, including APT (Advanced Persistent Threat), DDoS (Distributed Denial of Service), malicious insider, web and mobile applications, and data exfiltration.

  • Foundational knowledge in software engineering and/or cloud technologies including: cloud services, hardware, networking, architecture, protocols, file systems, and operating systems.

  • Understanding of various attack vectors, threat tactics and attacker techniques ranging from APTs, Malware, DDoS, Exploits, etc.

  • Desire to work in a continuous learning environment where responsibilities are matrixed across various peer teams, and where new challenges will come in each day that need to be solved with innovative thinking.

  • Understanding of Advanced Persistent Threat (APT) and associated tactics, targeted attacks, various credential compromise techniques, etc.

  • Familiarity with various attack and detection frameworks like MITRE, Diamond Model, etc.

  • Ability to work effectively in ambiguous situations and respond favorably to change.

  • Knowledge in detection technologies and methodologies

  • Deep and practical OS (Operating System) security/internals knowledge

  • Experience working on security investigations in cloud services and an understanding of the nuances of supporting cloud service investigations vs. host/endpoint-based investigations.

  • Experience in dealing with big data problems and excellent skills in data analytics with a focus on security.

  • Excellent interpersonal skills.

  • Good knowledge of kill-chain model, ATT&CK (Adversarial Tactics, Techniques and Common Knowledge) framework, and modern red team tactics and techniques.

  • You will be working closely with other product group engineers across Microsoft as well as customer engineers and system administrators, so effective communication skills and situational awareness are needed.

  • Certifications including, but not limited to, any of the following: GCIA, GSLC, GCIH, CISM, CISSP, CEH, etc. are a plus.

Security Operations Engineering IC4 - The typical base pay range for this role across the U.S. is USD $117,200 - $229,200 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $153,600 - $250,200 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

Microsoft will accept applications and process offers for these roles on an ongoing basis.

#Exchange #IncidentResponse #DFIR #DSR #MSFTSecurity

Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations (https://careers.microsoft.com/v2/global/en/accessibility.html) .
