As a Security Incident Response Support Engineer, you will be an elite member of a customer-facing security support team leading incident response investigations for Microsoft’s enterprise customers.
You have experience in analyzing, triaging, scoping, containing, providing guidance for remediation, and determining the root cause of security incidents.
You are familiar with collecting and analyzing security incident related data to identify indicators of attack and compromise.
You have a passion for learning new technologies, collaborating with other experts to find solutions, having complete customer obsession, continuously optimizing and improving the customer support experience, and having fun.
You enjoy working on challenging issues that require in-depth investigation, excellent communication, and complete ownership to drive issues to resolution.
You obsess over small details to make sure that each customer interaction not only drives issues to resolution, but also ensures that customers are effectively using Microsoft technologies to further the success of their business.
Beyond extensive technical focus, this role requires the ability to communicate issues and recommendations clearly and concisely and build broad relationships with influencers to impact key business results.
You understand incident response best practices and use this understanding to influence key decision makers.
Scope customer security incidents
Understand and identify indicators of attack and indicators of compromise
Analyze incident data from different threat analytics tools
Communicate recommendations and guidance based on results of security incident analysis to the customer
Coordinate a response to the security incident with other Microsoft security and consulting teams
Develop, document, and implement runbooks, capabilities, and techniques for IR
Perform security triage and analysis on endpoint, server and network infrastructure
Collaborate with the security intelligence team by providing samples of malware from the customer’s environment
Perform activities necessary for immediate containment and short-term resolution of incidents
Maintain current knowledge and understanding of the threat landscape, emerging security threats, and vulnerabilities
Experience supporting large and complex geographically distributed enterprise environments with 1000+ users
Demonstrated passion for learning new technologies
Strong collaborative skills and extensive cross-group coordination skills
Excellent documentation skills and the ability to translate complex technical processes into simple-to-follow written guides
Previous experience working in a large, complex, highly matrixed global organization is preferred
Ability to work in a high-paced environment with many competing priorities and randomization
Demonstrated experience in Network Security Administration and/or Systems Administration, with experience in Windows Server, Windows Client, and Active Directory Administration
Security Incident Response experience with recent operational security experience (SOC, Malware Analysis, IDS/IPS Analysis, threat analytics, Windows Server, endpoint security, etc.)
Knowledge and hands-on experience working with any of the major cloud providers, including cloud security, networking, and migration of multi-cloud or hybrid deployments
Automation (PowerShell and/or Python, Java, or a similar language; beginner to intermediate level is acceptable)
Experience in Linux and/or Mac administration is preferred
Ability to meet Microsoft, customer, and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screening: Microsoft Cloud Background Check. This position will be required to pass the Microsoft Cloud Background Check upon hire/transfer and every two years thereafter.