Incident Response Lead

Microsoft

Virtual / Travel

Industry: Technology


11 - 15 years

Posted 22 days ago

Do you have a passion for helping Microsoft’s clients defend themselves against targeted exploitation? Are you interested in being intimately involved in the latest, cutting-edge developments in the security industry, communicating with security industry leaders, and having a direct impact on the security of all Microsoft customers? Do you want to be on the front lines of helping our customers go toe-to-toe against advanced adversaries? If so, you might be a candidate for the Microsoft Cybersecurity Detection and Response Team (DaRT).

The team is looking for a proven, experienced Incident Response (IR) Lead to join its client-facing group that responds to situations of targeted exploitation at Microsoft enterprise customers worldwide.

Ideal candidates should possess approximately 10+ years of related work experience along with the following:
• Ability to ensure the team’s overall successful delivery of an on-site Incident Response (IR) offering while dispatched to Microsoft client locations worldwide
• Several years of experience in delivery consulting for enterprise customers with a demonstrated history of leading projects
• Ability to provide technical advisory services to client security leadership teams and to help guide the client through possible countermeasures and follow-up remediation activities
• Capability to quickly build rapport and establish credibility with client executive leadership and government investigating agencies
• An entrepreneurial spirit combined with an ability to move quickly and efficiently through complex issues while in partnership with internal teams and customers with high expectations
• Solid technical and architectural knowledge and background of Microsoft platforms (Client, Server, Cloud)
• Comfortable with presenting recommendations, backed by technical and business rationale, to the most senior and technical levels within a customer organisation

Optional knowledge and experience with some of the following is a distinct advantage:
• Proven experience in helping enterprises manage vulnerabilities, measure security and ensure compliance
• Demonstrated knowledge of identifying risk, articulating that risk clearly to the business, and discussing strategies to mitigate that risk
• Recognised as a subject matter expert in Incident Response with a deep understanding of real-world APT tools, tactics, and procedures. Must be able to quickly determine if cases are criminal, commodity malware, or advanced persistent threat cases and chart the course of the team’s response appropriate for each type of case
• Demonstrated history of leading teams of IR investigators to successfully scrutinize cases of advanced targeted exploitation or similar interactive hacking cases
• Architect-level command of enterprise computer network defense systems, such as NIDS, HIDS, SIEM/SEMs, web proxies, antivirus, and specialized-purpose security systems is necessary to assist clients during a response
• International consulting experience is a plus
• U.S. Citizenship and active TS/SCI clearance with full-scope polygraph

If you are looking for a role that will allow you to use your knowledge and passion to strengthen the security posture of customers, you will have a bright future within our Cybersecurity Detection and Response Team.