With over 18,000 employees worldwide, the Microsoft Customer Experience & Success (CE&S) organization is responsible for the strategy, design, and implementation of Microsoft's end-to-end customer experience. Come join CE&S and help us build a future where customers come to us not only because we provide industry-leading products and services, but also because we provide a differentiated and connected customer experience. The Global Customer Success (GCS) organization is leading the effort to create the desired customer experience through support offer creation, driving digital transformation across our tools, and delivering operational excellence across CE&S. The Microsoft Incident Response team are seeking a skilled and experienced infrastructure specialist to join us. This role presents an opportunity to be the tip of the spear during incident response engagements, driving the data collection, response, containment, and recovery workstreams and presenting findings to stakeholders from every part of the business. Responsibilities Technical Delivery This role will work as part of a collaborative team assisting our top customers with: Ability to deliver adversary containment and recovery efforts across multiple workstreams Ability to quickly build and execute a recovery plan as a response to large-scale impactful incidents involving ransomware and destructive adversarial campaigns Deploying forensic collection tooling across a wide range of complex environments Identifying potential threats – allowing for proactive defence before an actual incident Providing recommendations to improve cybersecurity posture going forward Performing knowledge transfer to prepare customers to defend against today's threat landscape Research Security threats are constantly evolving, and so must the Microsoft Incident Response team. To that end, this role will involve: Researching, analyzing, and summarizing security threats and response capabilities, sharing across the team Identifying, conducting, and supporting others in conducting research into critical security areas, such as current attacks, adversary tracking, and academic literature Creating and documenting new solutions to mitigate security issues Recommending prioritization and validation methods for technical indicators, develops tools to automate analyses Leads efforts to clean, structure, and standardize data and data sources; leads data quality efforts to ensure timely and consistent access to data sources Thought Leadership This role includes the ability to be at the forefront of Microsoft Security thought leadership by: Developing written content for publication on Microsoft blog platforms Developing presentations for delivery at internal and external conferences Use the unique experiences of Microsoft Incident Response to create unique storytelling moments Operational Excellence Must be maintained by: Completing operational tasks and readiness with timeliness and accuracy. Following Microsoft policies, compliance, and procedures (e.g., Enterprise Services Authorization Policy, Standards of Business Conduct, labor logging, expenses, travel guidelines). Leading by example and guiding team members on operational tasks, readiness, and compliance. Strong knowledge of Microsoft security solutions and identity systems is key, ideally with experience in containment and recovery of both on premises and cloud environments. The ability to communicate technical content with clarity and context, and good knowledge of nation state and cybercrime attack techniques is important. A desire to fail fast and learn quickly is critical, along with strong analytical and critical thinking skills. Along with working reactive incident response cases for some of the most esteemed businesses in the world, infrastructure team members should be able to conduct research into new attack and recovery techniques, have excellent documentation skills, and be confident in disseminating knowledge both across the team and across partner teams within Microsoft. Thought leadership is a key priority, in the form of written and spoken content delivered both internally and externally. Any successful candidate should also embody Microsoft's culture and values. Qualifications Required/Minimum Qualifications Degree in Statistics, Mathematics, Computer Science or related field OR experience in a cybersecurity-related field. In-depth knowledge of two or more of the following disciplines: Experience with Threat Actor containment during an incident, rapid recovery of critical infrastructure (primarily Active Directory rebuild and restoration), and eviction of a Threat Actor after an investigation Active Directory and associated components (Kerberos, NTLM, Group Policy, Backup and Disaster Recovery, DNS, AD tiering models, gMSAs) Entra ID and associated components (Conditional Access, Multifactor Authentication, Passwordless Authentication, Privileged Identity Management, Identity Protection, Entra ID Connect) Azure Resource Management, Azure Infrastructure as a Service (IaaS), Role Based Access Controls (RBAC), Subscriptions, Resource Groups, Management Groups Proficiency in one or more query languages (KQL, SPL, SQL, etc.) Strong knowledge of at least two or more products in the Microsoft Defender 365 suite Experience with large scale orchestration and deployment of software using deployment tools such as SCCM, Intune, Ansible, Chef, Puppet, etc. Additional or Preferred Qualifications Doctorate in Statistics, Mathematics, Computer Science or related field OR experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection. Experience in PowerShell and bash scripting Experience with third-party security products, including but not limited to, Splunk, CrowdStrike Falcon, QRadar, etc. Experience with Microsoft Public Key Infrastructure (PKI) implementations, Active Directory Federation Services (AD FS) Understanding and working knowledge of the Linux and MacOS platforms Experience with two or more of Microsoft's portfolio of Artificial Intelligence (AI) products such as Security Copilot, Bing Copilot, Github Copilot, Office Copilot and Windows Copilot Understanding of DevOps, concepts such as Version Control, Infrastructure as code, CI/CD Pipelines, Frameworks, Configuration Management and Continuous Monitoring. Experience with management of virtualization platforms such as Hyper-V, VMware, etc. Experience with IP network management including routing, firewalls, access control lists, DHCP, packet analysis, and troubleshooting network traffic flow Relocation expenses are not provided as part of this role. Ability to meet Microsoft, customer and / or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud Background Check upon hire / transfer and every two years thereafter. Microsoft's mission is to empower every person and every organization on the p... Disaster Recovery, Screening, Access Control, Platforms, Research, Logging, Frameworks, Delivery, QRadar, Cyber Security, Business, Ansible, Puppet, Access Control, Literary science, Investigations, Packet Capture, RBAC, Policy, Communication, Relocation, Networks, Restoration, Orchestration, Tooling, Analysis, Virtualization, Splunk, Incident Response, Implementation, Failure Analysis, Infrastructure Team, Mac OS, Windows, VMware, Enterprise services, Documentation, SPL, Hyper V, Campaign, Identity Management, Research, Anomaly Detection, Query language, Validation, Powershell, DevOps Engineering, Deployment software, Routing, Pipelines, Cybercrime, Thought Leadership, Landscaping, Active Directory, Fail-fast, Ransomware, Service, Firewall, Mathematics, Git, Government Security, Computer science, Microsoft Cloud, Technical Delivery, Prioritize Workload, Blogging, Resource Management, Bash, Containment, Data Quality, Critical thinking, IP Networking, Reactive, Incident, Traffic, Microsoft Azure, Self-confidence, Conditional Access, Proactivity, Infrastructure, Linux, Checks, ADFS, Conferences, Statistics, Storytelling, Defence, Presentations, Leading by Example, Research, Network management, Security threats, Knowledge Transfer, PKI, PKI, Group Policy, Validation, DataSource, Security service, Transfer, Cloud, Microsoft Security, Kerberos, SQL, Bing, Management, Content, Subscription, Computing, DNS, Revision control Originele vacature is te vinden op StepStone.be – Maak nu een Jobagent aan op StepStone en vind je droombaan! https://bit.ly/2jPYsZC Vind gelijkaardige jobs, informatie over werkgevers en carrièretips op StepStone.be!
Original job ad is published on StepStone.be - Set up a Jobagent at StepStone now and find your dream job! https://bit.ly/2jPYsZC For similar jobs, information on employers and career tips visit StepStone.be!
La version originale de cette offre d'emploi est disponible sur stepstone.be – Créez maintenant votre Job Agent sur StepStone et trouvez le job de vos rêves ! https://bit.ly/2jPYsZC Trouvez des jobs similaires, des informations sur les employeurs qui recrutent et des conseils de carrière sur stepstone.be!