Join to apply for the Incident Response Engineer - CIRT role at Microsoft .
Within the Customer Service & Support (CSS) organization, we build trust and confidence by delivering seamless support, powered by Microsoft's AI technology. We are seeking a Senior Incident Response Engineer to lead investigations for enterprise customers, analyzing, triaging, and responding to security incidents.
Responsibilities
1. Scope customer security incidents
2. Identify indicators of attack and compromise
3. Analyze incident data using threat analytics tools
4. Collaborate with Security and Threat Intelligence teams, sharing indicators and malware samples
5. Coordinate incident responses with Microsoft security teams
6. Develop and implement runbooks and techniques for Incident Response
7. Perform security triage on endpoints, servers, and networks
8. Contain and resolve incidents promptly
9. Stay updated on the threat landscape and vulnerabilities
10. Investigate root causes of complex incidents
11. Maintain confidentiality
12. Participate in on-call rotations as needed
Qualifications
Required:
* Bachelor's degree in a relevant field and 5+ years of technical support/IT experience, or 7+ years of relevant experience
* At least 2 years in Security Incident Response with operational security experience
* Experience with cloud investigations (Microsoft 365, Entra ID, Defender)
* Customer-facing experience
* Support for large, distributed enterprise environments
* Experience with Network and Systems Administration (Windows Server, Active Directory)
* Knowledge of Entra ID, Microsoft 365, and Azure Identity troubleshooting
* Kusto Query Language proficiency
* Cloud security and migration experience
* Automation skills (PowerShell, Python, etc.)
Preferred:
* Relevant certifications (Microsoft, SANS, CISSP, etc.)
* Linux and/or Mac administration experience
Note: Candidates must meet security screening requirements, including Microsoft Cloud Background Check.
Additional Information
* Employment type: Full-time
* Location: Flexible (up to 100% remote)
* Industry: Software Development
#J-18808-Ljbffr