Service Engineer 2/Security Incident Response
Core Services Engineering builds and manages the critical products and services that Microsoft runs on. We boldly pursue big ideas that power transformational advances at Microsoft and for our customers, while helping Microsoft teams work smarter, faster and more securely every day. Core Services Engineering employees have deep technical and business expertise, customer insights, and a clear point of view that comes from first-hand, large-scale experience with Microsoft and industry solutions. We are engineers, technology leaders and experts, digital transformation change agents, and customer advocates. We have exciting opportunities for you to innovate, influence, transform, inspire and grow within our organization and we encourage you to apply to learn more!
We are looking for a security engineer to work in a highly collaborative, dynamic environment within the team responsible for security incident response at Microsoft. You will focus on attack analysis, conduct detailed investigation and analysis of security-related findings, alerts and events. You will manage escalations and incidents in close coordination with teams across the Cyber Defense Operations Center, security product groups and services. You will have the opportunity to participate in security testing and simulated response.
This work requires real-time problem solving, technical curiosity, excellent judgement and communications. Responsibilities include developing mitigation strategies, understanding root cause and developing repair items. You will perform technical analysis, document findings and recommendations, develop playbooks, provide timelines and deliver updates and other communications to audiences ranging from internal teams and executives to our most discerning customers.
Knowledge, experience and skills required:
* A minimum of Bachelor's degree in Computer Science, Engineering, Business or a related field, or alternative educations, skills, and/or practical experience is required
* Demonstrated experience in computer security related disciplines, including but not limited to the following subject areas: software vulnerabilities and exploitation, host forensics, malware analysis, network traffic analysis, Insider Threat and web-focused security topics.
* Knowledgeable about modern security related subjects and trends, for example, Advanced Persistent Threat (APT), rootkits, Spear Phishing, and credential compromise techniques.
Preferred, not required:
* Proven ability to drive large scale projects with high collaboration and leadership
* Excellent written and oral communications
* Excellent judgment, decision making skills, and the ability to work under pressure
* Excellent presentation skills and experience of presenting to senior management
* Experience with Cloud Computing and technology
* Experience with Unix/Linux, or work relating to OS internals or file level forensics
* CISSP or related GIAC certifications
The ideal candidate will have experience in a team environment, experience in a Security Operations Center or equivalent experience in enterprise scale services and platforms, technical depth in highly dynamic, complex environment.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.
* Triage incidents and events for direct action and resolution
* Technical analysis to determine impact and action plans
* Coordinate appropriate response activities across teams or directly with stakeholders to remediate potential threats
* Develop playbooks for improved process and information sharing across teams
* Initiative and project related support to provide Security Operations and Incident Response perspective and subject matter expertise
* Some after-hours responsibilities and escalations
Microsoft develops, licenses, and supports software, services, devices, and solutions.