CASY-MSCCN Jobs

With over 18,000 employees worldwide, the Microsoft Customer Experience & Success (CE&S) organization is responsible for the strategy, design, and implementation of Microsoft’s end-to-end customer experience. Come join CE&S and help us build a future where customers come to us not only because we provide industry-leading products and services, but also because we provide a differentiated and connected customer experience.

The Global Customer Success (GCS) organization is leading the effort to create the desired customer experience through support offer creation, driving digital transformation across our tools, and delivering operational excellence across CE&S.

The Detection and Response Team (DART) is hiring for a Cybersecurity Incident Response Infrastructure Specialist to join the team. The DART team provides holistic security incident response leadership and investigations for its customers and helps our customers become cyber-resilient.

This role is a crucial part of a collaborative team that works together to serve as infrastructure specialists and assist our customers collect data critical to the success of an investigation, containment and recovery in the midst of a cyber-attack. You will also implement containment measures, and proactively address threats while also ensuring large-scale infrastructure recovery.

This role is flexible in that you can work up to 100% from home.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Responsibilities

• Security Software Deployment:

o Lead the deployment and configuration of security tooling at scale across the Microsoft Defender suite of products.

o Provide expert-level support for various identity platforms as well as identity management (IdM) solutions.

o Provide direct feedback to both development teams and product groups for continued product improvements.

Troubleshoot issues related to the deployment of security tooling.

• Threat Containment

o Develop and implement threat containment strategies to prevent the escalation of security incidents within the Active Directory, network, and client environments.

o Work in coordination with the larger incident response team to contain and mitigate security threats promptly.

o Implement security measures following both Microsoft and industry standards to contain threats both on-premises and in the cloud.

• Recovery

o Recovery of Active Directory Forests from destructive based cyber-attacks.

o Recovery of key Infrastructure components across the Microsoft technologies both on-premises and cloud

o Recovery of authentication services such as Active Directory Federation Services and Active Directory Certificate Services.

• Threat Hunting

o Conduct threat hunting across customer’s networks with indicators of compromise, hunting for evidence of a compromise

o Conduct incident response within various Cloud platforms

o Identify attacker tools, tactics, and procedures to develop indicators of compromise

o Identify and investigate intrusions to determine the cause and extent of the breach, by leveraging EDR solutions and threat intelligence sources

• Troubleshooting Active Directory L300/400: Replication, Group Policy, DFSR

o Able to understand complex Active Directory environments and resolve issues relating to AD health.

o Experience of supporting complex multi-forest AD topologies

o Experience in authoring and triaging Group Policies in large, regulated environments

o Ability to identify defects or misconfiguration in AD services

• Troubleshooting Windows Server OS Roles (DNS, DFS, Clustering, Storage, Networking)

o Experience triaging Server roles to restore systems to production state

o Understanding of core networking technologies (DNS, Routing/Switching, Firewalls)

• Troubleshooting Virtualization Platforms (VMware, Hyper-V etc)

o Experience administering virtual platforms

o Experience in backup/recovery of virtual platforms

• Managing and Configuring Endpoint Security Platforms

o Experience administering Endpoint Security Platforms: (Microsoft Defender Suite, CS, Falcon etc)

o Experience configuring Endpoint Security Platforms: (IOCs, Agent settings, deployment methods)

o Analyzing endpoint security telemetry using (KQL, Python, Jupyter etc)

o Exhaust all investigative leads in the expectation of discovering novel attacker techniques. Investigate and research these techniques, and partner with threat intelligence and security engineering to drive security tooling and product enhancements.

o Synthesize threat data (telemetry) and evaluate the impact of current security trends, advisories, publications, and academic research, cascading learnings as necessary across partner teams and customers alike, and drive change in our approach to better combat these threats.

o Leverage input from Threat Intelligence team, including strategic, operational, and tactical intelligence to benefit containment and hardening of customer environments, while keeping knowledge and skills current with the rapidly changing threat landscape.

o Similarly, share threat data with threat intelligence and engineering teams and drive research of threat actors and threat activity.

o Participating in a follow-the-sun on-call rotation.

o Short-notice travel will likely be 40% or higher as is demanded by the needs of our customers and our business. This is a global position. Off-time zone hours and weekend work are highly likely. The location of the position is flexible.

Qualifications

• 5+ years of relevant work experience 

• Excellent oral and written communication skills

• Ability to work with the team in a customer environment.

• 3 to 5 years of experience with security fundamentals across Microsoft platforms (Client, Server, Cloud).

• 3 to 5 years of experience deploying advanced Windows client security technologies and technologies such as Intune, MECM, Ansible, Puppet.

• 3 to 5 years of expertise in Kusto Query Language or equivalent, and scripting skills in PowerShell or Python.

• 3 to 5 years of advanced understanding of Windows authentications (NTLM, Kerberos, LDAP) and supporting technologies such as Active Directory Federation Services and Active Directory Certificate Services.

• 3 to 5 years of experience with understanding and troubleshooting Hybrid Identity, including Active Directory, Azure AD, and technologies such as Azure AD Connect and Azure AD Password Protection.

• 3 to 5 years of extensive Cybersecurity knowledge and understanding within the Identity plane, such as Azure Active Directory Logging, Risk Events, Multi-Factor Authentication, Microsoft Defender for Identity, Privileged Identity Management (PIM), and other Microsoft 365 Defender technologies.

• Expertise in cloud authentication technologies (OAuth, OpenID, SAML, WS-Fed)

• Solid understanding of Conditional Access, Privileged Identity Management, Just in Time access

• Demonstrated expertise in understanding and countering common attack vectors and tools, including but not limited to Pass-the-Hash (PtH), Pass-the-Ticket (PtT), Golden Ticket, Golden SAML, and Ransomware.

• 3 to 5 years of extensive experience in Active Directory recovery and implementation.

• 3 to 5 years of expertise in Multifactor and passwordless authentication.

• 3 to 5 years of expertise in at least two, preferably three products from the Microsoft Defender suite (Defender for Endpoint, Defender for Cloud Apps, Defender for Cloud, Defender AV).

• 3 to 5 years of expertise in SIEM and SOAR platforms such as Microsoft Sentinel, Splunk, QRadar, etc.

• 3 to 5 years of knowledge of Linux internals.

Additional Qualifications

• 3-5 years+ experience with effective operational management processes to ensure effective tasking amongst your internal team members when managing customer infrastructure actions in a limited window of time.

• Security Certifications in any of the following preferred: OSCP, CISSP, SANs Certifications. Or SC Certifications from Microsoft

• Ability to operate effectively in high pressure incident response environments where customers are experiencing a potentially business-ending event and your evidence-driven plans of action dictate their next steps.

• Ability to communicate complex and technical considerations effectively to customer representatives of varying levels - from deep environment and platform technical considerations, through to communicating the effective impact and outcome of your infrastructure recommendations to the C-suite level.

• Effective communication with your fellow team members ensuring effective sharing of your current workload, most importantly in a follow-the-sun format when working with fellow team members from across the globe.

• Ability to translate requests from customers and from your fellow analysts through to other teams within Microsoft for effective product feedback.

Ability to meet Microsoft, customer and / or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud Background Check upon hire / transfer and every two years thereafter.

Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations (https://careers.microsoft.com/v2/global/en/accessibility.html) .