Cybersecurity Incident Response Infrastructure Specialist

at  Microsoft

WHY MICROSOFT

With over 18,000 employees worldwide, the Microsoft Customer Experience & Success (CE&S) organization is responsible for the strategy, design, and implementation of Microsoft’s end-to-end customer experience. Come join CE&S and help us build a future where customers come to us not only because we provide industry-leading products and services, but also because we provide a differentiated and connected customer experience.
The Detection and Response Team (DART) is looking for a Cybersecurity Incident Response Infrastructure Specialist to join the team. The DART team provides holistic security incident response leadership and investigations for its customers and helps our customers become cyber-resilient.
Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

WHAT SKILLS DO YOU NEED TO HAVE?

There will be many opportunities for you to learn and grow into this role and Microsoft.

MINIMUM QUALIFICATIONS

• Minimum of 5 years in a relevant role.
• Exceptional communication skills, both verbal and written.
• Collaborative team player in customer-facing environments.
• In-depth knowledge of Microsoft security fundamentals across various platforms.
• Proficient in deploying advanced security technologies and management tools like Intune and MECM.
• Skilled in Kusto Query Language, with scripting expertise in PowerShell or Python.
• Advanced understanding of Windows authentication mechanisms and related services.
• Experienced in managing hybrid identity solutions and troubleshooting related issues.
• Comprehensive cybersecurity knowledge, particularly in identity security within Microsoft environments.
• Proficient in cloud authentication protocols and technologies.
• Knowledgeable in Conditional Access and identity management best practices.
• Proven ability to understand and mitigate common cyber-attack strategies.
• Extensive experience in Active Directory recovery and management.
• Expertise in multifactor and passwordless authentication methods.
• Proficiency in at least two Microsoft Defender products.
• Experienced with SIEM and SOAR platforms like Microsoft Sentinel.
• Familiarity with Linux internals.

ADDITIONAL QUALIFICATIONS

• Skilled in managing high-pressure incident response situations, guiding customers through critical decisions with evidence-based action plans.
• Proficient in translating complex technical details into clear, actionable insights for stakeholders at all levels, including C-suite executives.
• Collaborative team player, adept at workload sharing and global coordination with peers in a follow-the-sun model.
• Capable of producing high-quality deliverables, such as action plans, briefings, and presentations, tailored for both executive and technical audiences.
• Eligibility for a government security clearance is a plus.
  Microsoft believes that by investing in our people and creating an inclusive environment, our team will do their best work. See our complete list of benefits and why we are recognised as an Endorsed Employer for Women by WORK180. Microsoft Benefits | WORK180 Endorsed Employer
  Our mission is deeply inclusive. Inside Microsoft | Global Diversity and Inclusion at Microsoft

RESPONSIBILITIES:

This role is a crucial part of a collaborative team that works together to serve as infrastructure specialists and assist our customers collect data critical to the success of an investigation, containment and recovery in the midst of a cyber attack. You will also implement containment measures, and proactively address threats while also ensuring large-scale infrastructure recovery.
This role is flexible in that you can work up to 100% from home.