National Labor Exchange Veterans Jobs

Microsoft Corporation Senior Security Incident Responder in Redmond, Washington

Do you have a passion for security and excitement about impacting some of the largest and most complex security challenges Microsoft is involved with today in hosting petabytes of business-critical customer data? We’re looking for an M365 Cloud Incident Responder with the right mix of technical depth, engineering background, online services experience and collaboration skills to help grow and protect M365 cloud services.

Microsoft 365 is at the center of Microsoft’s cloud first, devices first strategy, bringing together cloud-hosted offerings of our most trusted communications and collaboration services (like Exchange, SharePoint, Teams, and more!) with our cross-platform desktop and mobile clients.

As a Senior Security Incident Responder, you will work closely with other cloud and security experts across Microsoft to investigate threats, coordinate response and mitigation, communicate state, improve and automate processes, develop security tooling and data automation, and contribute your experience and expertise to countless other projects that enhance the security and scalability of our cloud services in a DevOps model. You will participate in required activities to discuss incidents and facilitate discussion around trends and early warning indicators, as well as help design solutions to emerging threats. M365 Security is a fast-paced team that constantly provides new opportunities to learn and grow.

This position requires employees to work within Microsoft's core working hours in the Pacific Time Zone.

Responsibilities

• Analyze potential security issues and develop investigation and resolution plans

• Drive enhancements to improve detection, response, and remediation processes within a cross functional team

• Communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative, and actionable manner

• Rapidly react to changing situations and develop new plans based on recent discoveries

• Analyze and improve situational awareness and incident response capabilities

• Coordinate with internal and external business partners and security teams at a broad technical level.

• Create technical documentation for other analysts and other teams to follow

• Work with other internal and external teams to forge new and improve existing partnerships that help mature the teams' techniques, tactics and procedures

Qualifications

Required/Minimum Qualifications:

  • 5+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), and operations incident response

  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science or related field.

  • 5+ years of experience in information security incident handling and/or security operations.

  • Experience triaging security vulnerabilities and driving product and/or service response.

Other requirements:

• Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud Background Check upon hire/transfer and every two years thereafter.

Preferred Qualifications:

  • Working knowledge of common security concepts and protocols such as encryption, AuthN/AuthZ, PKI, modern authentication, and cloud app authorization architectures and protocols such as SAML or OAuth

  • Experience with service engineering and admin of M365 products such as Exchange, SharePoint, Skype, Teams

  • Expertise with Microsoft's line of security products: Microsoft Defender for Endpoint (MDE), Microsoft Defender for Office (MDO), Microsoft Defender for Identity (MDI), Microsoft Cloud App Security (MCAS), Azure Sentinel, Azure Security Center (ASC), etc.

  • Experience with big data and SIEM solutions such as ArcSight, Splunk, Elasticsearch, Logstash, Azure Data Explorer, Azure Log Analytics, Azure Data Lake, Azure Sentinel, etc.

  • Ability to work effectively in ambiguous situations and respond favorably to change

  • Comfortable working in a startup mode on a new team where there is lots of opportunity

  • Certifications like GCIA, GSLC, GCIH, CISM, CISSP, CEH, etc. are a plus.

  • 3+ years working in cyber security (Information Security, InfoSec, SecOps, Security Operations, SOC, CSOC, analyst, researcher, etc.) field

  • Familiarity with security response against active adversaries

  • Experience working with analytics software, like PowerBI, to answer and illustrate complex problems.

  • Skilled working with SOAR toolsets.

  • Experience working with automation tools such as Logic Apps, Power Automate, and PowerShell.

  • Demonstrated ability to understand and communicate technical details, both verbally and in writing, to varying levels of audiences that may include C-level executives.

  • Ability to work collaboratively with engineering teams to drive architectural changes that improve the stability and security of each environment.

  • Hands-on experience with Continuous Integration/Continuous Delivery (CI/CD), Azure DevOps and Agile Scrum.

  • Demonstrated success in dealing with ambiguity and problem definition under timeline constraints.

  • An ability to work well under pressure while maintaining professionalism.

  • Exposure to security related subjects and trends such as digital forensics, reverse engineering, penetration testing, and malware analysis.

  • Ability to meet on call responsibilities periodically to support 24x7 operations.

Security Operations Engineering IC4 - The typical base pay range for this role across the U.S. is US $112,000 - $218,400 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $145,800 - $238,600 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

Microsoft will accept applications and process offers for these roles on an ongoing basis.

#M365 #Office #Exchange #IncidentResponse #DFIR #DSR #MSFTSecurity

Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations (https://careers.microsoft.com/v2/global/en/accessibility.html).