With over 17,000 employees worldwide, the mission of the Customer Experience & Success (CE&S) organization is to empower customers to accelerate business value through differentiated customer experiences that leverage Microsoft’s products and services, ignited by our people and culture. Come join CE&S and help us build a future where customers achieve their business outcomes faster with technology that does more. The Global Customer Success (GCS) organization, an organization within CE&S, is leading the effort to enable customer success on the Microsoft Cloud by harnessing leading, AI-powered capabilities and human expertise to deliver innovation solutions that accelerate business value, drive operational excellence and nurture long term loyalty. Are you looking for an exciting opportunity to lead Microsoft's response efforts to protect over a billion customers around the world? Are you excited about cybersecurity and ready to join a passionate security response team dedicated to protecting customers from emerging cybersecurity threats? If so, this role may be your next opportunity. Microsoft Detection and Response Team (DART) is looking for a motivate and experienced security professional to Lead and manage all aspects of Cybersecurity Incident Response engagements. The Team Lead plays a vital role in responding to major cybersecurity incidents. They guide multi-functional teams through the incident response process, ensuring a balance between speed of recovery, evidence preservation, and security of the restoration process. As a Lead Investigator, you’ll operate like the conductor of an orchestra, coordinating actions and adapting quickly to complex situations. Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. **Responsibilities** + Elevates findings appropriately to address and mitigate issues. + Balances value of dissemination over risk of divulging techniques. + Works with others to incorporate findings into future designs and analyses (e.g. creates working groups). + Leads data quality efforts to ensure timely and consistent access to data sources. + Leads efforts to clean, structure, and standardize data and data sources. + Creates a schedule for analysis of multiple feature areas. + Develops guidelines, models, and best practices to enable teams to avoid common patterns of issues. + Architects solutions across multiple teams and organizations, and automation related to specific kinds of security issues (e.g., signature detection, malware, threat analysis, reverse engineering). + Drives the development of guidance and education that result from resolution of security issues. + Advocates for key security issues and mitigations to teams and upper management. + Evangelizes security practices across the company. + Applies subject matter expertise and leads postmortem and root-cause analyses for complex and/or large-scale, live site issues to create repair items, specifies tools and systems that support incident management, and mitigates and resolves issues across organizations. + Ensures best practices for security architecture, design, and development are in place. + Incident Response Leadership: Experience in high pressure incident response environments where customers are experiencing a potentially business-ending event and your evidence-driven plans of action dictate their next steps.Lead and manage incident response efforts during cybersecurity incidents by clearly understanding customer requirements. + Identify gaps early in the engagement process and request appropriate resources to fill those gaps. + Coordinate with technical teams, consultants, and partners to orchestrate an appropriate response and ensure the engagement is completed on time to provide the most complete engagement for the customer. + Balance the need for rapid recovery with data collection and evidence preservation. + Direct activities to secure the environment and assess potential data theft. + Management of large scale incidents in a follow-the-sun format working with fellow team members from across the globe. + Contextual application of MITRE Attack Framework and or OSI Model. **Qualifications** **Required/Minimum Qualifications** + 5+ years experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection + OR Master's Degree in Statistics, Mathematics, Computer Science or related field. + 3+ years cybersecurity Incident response investigation experience. + 5+ years consulting experience. **Additional or Preferred Qualifications** + 6+ years experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection + OR Doctorate in Statistics, Mathematics, Computer Science or related field + Security Certifications in any of the following: OSCP, CISSP, SANs Certifications. Or Security Certifications from Microsoft. + Delivery of complex and technical discussions effectively to customer representatives of varying levels - from deep environment and platform technical considerations, through to communicating the effective impact and outcome of security posture recommendations to to be consumed both at the executive and technical practitioner level. + Experience working with methods utilized for evidence collection, maintenance of chain of custody and associated documentation, evidence storage and analysis, and evidentiary reporting. Security Research IC4 - The typical base pay range for this role across the U.S. is USD $117,200 - $229,200 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $153,600 - $250,200 per year. Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay Multi reqs: Microsoft will accept applications and processes offers for these roles on an ongoing basis. \#DART Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations (https://careers.microsoft.com/v2/global/en/accessibility.html) .