Senior Incident Response Engineer in Reading

Interested in security and incident response? Then come join the Cybersecurity Incident Response Team (CIRT) at Microsoft as an Incident Response Engineer responsible for helping customers investigate security incidents in their environment. As an Incident Response engineer, you will be an elite member of a customer facing security support team leading incident response investigations for Microsoft’s enterprise customers. You have experience in analysing, triaging, scoping, containing, providing guidance for remediation, and determining the root cause of security incidents. You are familiar with collecting and analysing security incident related data to identify indicators of attack and compromise.

In the Customer Service & Support (CSS) team we are looking for people with a passion for delivering customer success. As an Incident Response Engineer, you will own, troubleshoot, and solve complex customer technical issues. This opportunity will allow you to accelerate your career growth, hone your problem-solving, collaboration and research skills, and deepen your technical proficiency. This role is flexible in that you can work up to 100% from home.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Responsibilities:

• Scope customer security incidents.
• Understand and identify indicators of attack and indicators of compromise.
• Investigate root cause of complex security incidents.
• Analyse incident data from threat analytics tools.
• Collaborate with the Security and Threat Intelligence teams by providing indicators of compromise and samples of malware from the customer’s environment.
• Coordinate a response to the security incident with other Microsoft security and consulting teams.
• Develop, document, and implement runbooks, capabilities, and techniques for Incident Response.
• Perform security triage and analysis on endpoint, server, and network infrastructure.
• Perform activities necessary for immediate containment and short-term resolution of incidents.
• Maintain current knowledge and understanding of the threat landscape, emerging security threats, and vulnerabilities.
• Maintain a high level of confidentiality.
• Participate in the on-call rotation as required.

Required/Minimum Qualifications (RQs/MQs):

• Demonstrated experience in customer-facing roles (Customer support experience is preferred).
• Practical experience managing and troubleshooting Network, Windows Server, Windows Client, and Active Directory environments.
• Working knowledge of Entra ID and Microsoft 365 management and troubleshooting experience.
• Experience or passion in Cybersecurity and Security Incident Response.
• Ability to manage complex Incident Response situations with a focus on deep technical troubleshooting and empathetic customer engagement.
• Experience supporting large and complex geographically distributed enterprise environments with 1000+ users.
• Bachelor's degree in Computer Science, Information Technology (IT), or related field AND demonstrated experience of technical support, technical consulting experience, or information technology experience.

Additional or Preferred Qualifications (PQs):

• Experience in Security Incident Response with recent operational security experience (Indicator of Attack / Indicator of Compromise deep investigation, On-Premises data and Cloud log investigation, Malware Analysis, Threat Analytics, Threat Intelligence, endpoint security, etc.)
• Experience in Network Security Administration, and/or Systems Administration with experience in Windows Server, Windows Client, and Active Directory Administration.
• Experience in Cloud investigations with Entra ID, Microsoft 365 and Microsoft Defender solutions.
• Experience with any Microsoft Defender solutions.
• Experience in Azure Identity management and troubleshooting.
• Kusto Query Language knowledge.
• Cloud experience with any of the major cloud providers, including cloud security, networking, and migration of multi-cloud or hybrid deployments.
• Automation (PowerShell and/or Python, Java, or a similar language, can be a beginner to intermediate level).
• Preferred IT Industry certifications (Microsoft Certifications On-Prem or Cloud, SANS GCIH, CISSP, CEH, Amazon AWS, etc.)
• Preferred Bachelor’s degree or higher in a technical field, or relevant work experience.

Language Qualification:

• English Language: fluent in reading, writing and speaking.
• Ability to meet Microsoft, customer and / or government security screening requirements are required for this role.

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled. Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances.

If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.