As a Senior Incident Response engineer, you will be an elite member of a customer facing security support team leading incident response investigations for Microsofts enterprise customers. You have experience in analysing, triaging, scoping, containing, providing guidance for remediation, and determining the root cause of security incidents. You are familiar with collecting and analysing security incident related data to identify indicators of attack and compromise.
In the Customer Service & Support (CSS) team we are looking for people with a passion for delivering customer success. As a Senior Incident Response Engineer you will own, troubleshoot and solve highly complex customer technical issues. This opportunity will allow you to accelerate your career growth by honing your problem-solving, collaboration and research skills, and developing your technical proficiency.
This role is flexible in that you can work up to 100% from home.
Microsofts mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
Responsibilities:
Scope customer security incidents
Understand and identify indicators of attack and indicators of compromise
Analyse incident data from threat analytics tools
Collaborate with the Security and Threat Intelligence teams by providing indicators of compromise and samples of malware from the customers environment
Coordinate a response to the security incident with other Microsoft security and consulting teams.
Develop, document, and implement runbooks, capabilities, and techniques for Incident Response
Perform security triage and analysis on endpoint, server and network infrastructure.
Perform activities necessary for immediate containment and short-term resolution of incidents.
Maintain current knowledge and understanding of the threat landscape, emerging security threats, and vulnerabilities
Investigate root cause of complex security incidents
Maintain a high level of confidentiality
Participate in the on-call rotation as required
דרישות:
Minimum 2+ years Security Incident Response experience with recent operational security experience (SOC, Malware Analysis, IDS/IPS Analysis, threat analytics, windows server, and endpoint security, etc.)
Minimum 2+ years Cloud investigations experience with Entra ID, Microsoft 365 and Microsoft Defender solutions
Minimum 2+ years customer facing experience - Customer Support experience preferred
Experience supporting large and complex geographically distributed enterprise environments with 1000+ users
Minimum 1+ years of experience in Network Security Administration, and/or Systems Administration with experience in Windows Server, Windows Client, and Active Directory Administration
Bachelor's degree in Computer Science, Information Technology (IT), or related field AND 5+ years of technical support, technical consulting experience, or information technology experience
Excellent written and spoken English language skills
Additional or Preferred Qualifications (PQs)
Experience in Entra ID and Microsoft 365 management and troubleshooting
Experience with any Microsoft Defender solutions
Experience in Azure Identity management and troubleshooting
Kusto Query Language knowledge
Cloud experience with any of the major cloud providers, including cloud security, networking, and migration of multi-cloud or hybrid deployments
Automation (PowerShell and/or Python, Java, or a similar language, can be a beginner to intermediate level).
Preferred IT Industry certifications (Microsoft Certifications On-Prem or Cloud, SANS GCIH, CISSP, CEH, Amazon AWS, etc.)
Preferred Bachelors degree or higher in a technical field, or relevant work experie#ENG המשרה מיועדת לנשים ולגברים כאחד.
