With over 18,000 employees worldwide, the Microsoft Customer Experience & Success (CE&S) organization is responsible for the strategy, design, and implementation of Microsoft's end-to-end customer experience. Come join CE&S and help us build a future where customers come to us not only because we provide industry-leading products and services, but also because we provide a differentiated and connected customer experience.The mission of the Microsoft Detection and Response Team (DART) part of CE&S is to empower organizations to combat cyber threats through intelligence-driven investigation and strategic mitigation, leveraging our expertise to safeguard digital assets. Our vision is to be the leading provider of expert incident response services, significantly reducing the time to investigate and neutralize threats, and fostering a resilient and secure digital future for all.The Microsoft Incident Response team is seeking a skilled and experienced infrastructure specialist to join our team, who are the first port of call for many customers during a security incident. This role presents an opportunity to be the tip of the spear during incident response engagements, driving the data collection, response, containment, and recovery workstreams throughout the incident and presenting findings to stakeholders from every part of the business. Strong knowledge of Microsoft security solutions and identity systems are key, ideally with experience in both on-premises and cloud environments, along with the ability to communicate technical content with clarity and context, and good knowledge of nation-state and cybercrime attack techniques. A desire to fail fast and learn quickly is critical, along with strong analytical and critical thinking skills.Along with working reactive incident response cases for some of the most esteemed businesses in the world, infrastructure team members should be able to conduct research into novel technique response and recovery, have excellent documentation skills, and be confident in disseminating knowledge both across the team and across partner teams within Microsoft. Thought leadership is a key priority, in the form of written and spoken content delivered both internally and externally. Any successful candidate should also embody Microsoft's culture and values.The role is flexible in that you can work up to 100% from home; however, short notice travel to work onsite alongside customers could be 40% or higher as demanded by the needs of our customers and business. This position may require you to work a rotational On-Call schedule, evenings, weekends, or holiday shifts. Though schedule changes are not frequent, you will need to have flexibility to accommodate changes as needed.Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees, we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.ResponsibilitiesTechnical DeliveryThis role will work as part of a collaborative team assisting our top customers with:Ability to contextualize and prioritize adversary containment and recovery efforts across multiple workstreamsAbility to quickly build and execute a recovery plan as a response to large-scale impactful incidents involving ransomware and destructive adversarial campaignsDeploying forensic collection tooling across a wide range of complex environmentsIdentifying potential threats – allowing for proactive defense before an actual incidentProviding recommendations to improve cybersecurity posture going forwardPerforming knowledge transfer to prepare customers to defend against today's threat landscapeResearchSecurity threats are constantly evolving, and so must the Microsoft Incident Response team. To that end, this role will involve:Researching, analyzing, and summarizing security threats and response capabilities, sharing across the teamIdentifying, conducting, and supporting others in conducting research into critical security areas, such as current attacks, adversary tracking, and academic literatureCreating and documenting new solutions to mitigate security issuesRecommending prioritization and validation methods for technical indicators, developing tools to automate analysesLeading efforts to clean, structure, and standardize data and data sources; leading data quality efforts to ensure timely and consistent access to data sourcesThought LeadershipThis role includes the ability to be at the forefront of Microsoft Security thought leadership by:Developing written content for publication on Microsoft blog platformsDeveloping presentations for delivery at internal and external conferencesUsing the unique experiences of Microsoft Incident Response to create unique storytelling momentsOperational Excellence Must Be Maintained ByCompleting operational tasks and readiness with timeliness and accuracy.Following Microsoft policies, compliance, and procedures (e.g., Enterprise Services Authorization Policy, Standards of Business Conduct, labor logging, expenses, travel guidelines).Leading by example and guiding team members on operational tasks, readiness, and compliance.QualificationsRequired/Minimum Qualifications:Degree in Statistics, Mathematics, Computer Science or related field OR experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection.In-depth knowledge of one or more of the following disciplines:Experience with Threat Actor containment during an incident, rapid recovery of critical infrastructure (primarily Active Directory rebuild and restoration), and eviction of a Threat Actor after an investigationActive Directory and associated components (Kerberos, NTLM, Group Policy, Backup and Disaster Recovery, DNS, AD tiering models, gMSAs)Entra ID and associated components (Conditional Access, Multifactor Authentication, Passwordless Authentication, Privileged Identity Management, Identity Protection, Entra ID Connect)Azure Resource Management, Azure Infrastructure as a Service (IaaS), Role Based Access Controls (RBAC), Subscriptions, Resource Groups, Management GroupsProficiency in one or more query languages (KQL, SPL, SQL, etc.)Experience with large scale orchestration and deployment of software using Linux deployment tools such as Ansible, Chef, Puppet, etc.Strong knowledge of at least two or more of the following products in the Microsoft Defender suiteAdditional Or Preferred QualificationsExperience in PowerShell and bash scriptingExperience with third-party security products, including but not limited to, Splunk, CrowdStrike Falcon, QRadar, etc.Experience with Microsoft Public Key Infrastructure (PKI) implementations, Active Directory Federation Services (AD FS)Understanding and working knowledge of the Linux and MacOS platformsExperience with two or more of Microsoft's portfolio of Artificial Intelligence (AI) products such as Security Copilot, Bing Copilot, Github Copilot, Office Copilot and Windows CopilotUnderstanding of DevOps, concepts such as Version Control, Infrastructure as code, CI/CD Pipelines, Frameworks, Configuration Management and Continuous Monitoring.Experience with management of virtualization platforms such as Hyper-V, VMware, etc.Experience with IP network management including routing, firewalls, access control lists, DHCP, packet analysis, and troubleshooting network traffic flowMicrosoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.
#J-18808-Ljbffr
