Cybersecurity Incident Response Engineer, Infrastructure Specialist

The Detection and Response Team (DART) is hiring for a Cybersecurity Incident Response Infrastructure Specialist to join the team. The DART team provides holistic security incident response leadership and investigations for its customers and helps our customers become cyber-resilient.

This role is a crucial part of a collaborative team that works together to serve as infrastructure specialists and assist our customers collect data critical to the success of an investigation, containment and recovery in the midst of a cyber attack. You will also implement containment measures, and proactively address threats while also ensuring large-scale infrastructure recovery.

With over 18,000 employees worldwide, the Microsoft Customer Experience & Success (CE&S) organization is responsible for the strategy, design, and implementation of Microsoft’s end-to-end customer experience. Come join CE&S and help us build a future where customers come to us not only because we provide industry-leading products and services, but also because we provide a differentiated and connected customer experience.

This role is flexible in that you can work up to 100% from home.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Required Qualifications

• Proven knowledge of security fundamentals across Microsoft platforms (Client, Server, Cloud)
  Experience deploying advanced Windows client security technologies and technologies such as Intune, MECM, Ansible, Puppet
• Expertise in Kusto Query Language or equivalent, scripting skills in PowerShell or Python
• Advanced understanding of Windows authentications (NTLM, Kerberos, LDAP) and supporting technologies such as Active Directory Federation Services and Active Directory Certificate Services
• Experience with understanding and troubleshooting Hybrid Identity Including Active Directory, Azure AD and technologies such as Azure AD Connect, Azure AD Password Protection
• Extensive Cybersecurity knowledge and understanding within the Identity plane such as Azure Active Directory Logging, Risk Events, Multi Factor Authentication, Microsoft Defender for Identity, Privileged Identity Management (PIM), and other Microsoft 365 Defender technologies.
• Expertise in at least two, preferably three products Microsoft Defender suite (Defender for Endpoint, Defender for Cloud Apps, Defender for Cloud, Defender AV
• Expertise in SIEM and SOAR platforms such as Microsoft Sentinel, Splunk, QRadar etc.

Additional Qualifications

• Familiarity with effective operational management processes to ensure effective tasking amongst your internal team members when managing customer infrastructure actions in a limited window of time.
• Ability to operate effectively in high pressure incident response environments where customers are experiencing a potentially business-ending event and your evidence-driven plans of action dictate their next steps.
• Ability to communicate complex and technical considerations effectively to customer representatives of varying levels - from deep environment and platform technical considerations, through to communicating the effective impact and outcome of your infrastructure recommendations to the C-suite level.
• Effective communication with your fellow team members ensuring effective sharing of your current workload, most importantly in a follow-the-sun format when working with fellow team members from across the globe.
• Elibility for a government security clearance is a plus.

Ability to meet Microsoft, customer and / or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud Background Check upon hire / transfer and every two years thereafter.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.  We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

Technical-Oriented

• Utilizes engineering tools, customer telemetry and/or direct customer input to identify and flag the defects/signals in the product or product misuse, or an issue with the customer. Tracks customer incidents and with minimal oversight, engages with customers and partners to understand the issue, inform them about the active cases, and communicate progress and next steps to customers. With minimal guidance, contributes to or investigates and troubleshoots the issues using diagnostics
• Gathers feedback from the customers and partners to learn ways in which customers and partners use the service and identify feature and knowledge gaps, misconfigurations, metrics, and key performance indicators (KPIs) in the current product. With minimal guidance, implements new features/tools to improve products. Helps customers and partners stay current with best practices by sharing content via multiple forums. Identifies content improvement or troubleshooting guides. Helps implement automation of complex solutions for the team.
• Identifies and leverages potential developmental opportunities across product areas and business processes (e.g., mentorships, shadowing, trainings) for professional growth and to develop and execute on technical intensity/skilling to resolve customer issues.

   

Customer Solution Lifecycle Management

• Conducts health checks to ensure customer environment (e.g., product, service, feature) is optimized and configured for deployment. With minimal guidance, provides guidance to customers on understanding and implementing new versions, software updates, and releases of platforms within Microsoft. With minimal guidance, serves as a connecting point between the engineering team and customers representatives throughout the solution lifecycle. With minimal guidance, conducts feature reviews on new deployment to identify gaps. With managerial support, provides guidance to customers on designing configurations and deploying solutions on Microsoft platforms. With minimal guidance, engages with customers to understand their business and availability needs to then help develop guidance to meet deployment needs.
• Serves as a connecting point and escalates specific customer issues to appropriate teams to resolve customer issues. Communicates progress and keeps stakeholders aligned with respect to escalations. With some supervision, handles escalations on customer issues from the support or field teams. Escalates issues to seniors or managers within the team, if more assistance is needed. With minimal oversight, conducts root-cause analysis of the issues and follows up with the customers.
   

Relationship/Experience Management

• Collaborates with the relevant product and business groups on how customers use the product. Understands and identifies gaps in customer scenarios and product limitations. Provides details to the product and business groups on customer product experience and usage. With minimal supervision, acts as a voice of customers (VOCs) to inform product and business groups on customer product experience and usage.
• With minimal guidance, partners with other teams (e.g., program managers, software engineers, product, customer service support [CSS] teams) to review and unblock, and resolve customer incidents/issues. Collaborates with internal partner teams to supports delivery of solutions back to the customers. Informs stakeholders on customer progression including issues. Independently starts to build partnerships with internal technical teams to update the troubleshooting resources. With minimal guidance, works with the relevant product and business groups to resolve customer issues.

Other

• Embody our culture and values