< Back to search

Microsoft UK • Reading, United Kingdom

Cybersecurity Incident Response Team Lead

Employment type:  Full time

< Back to search

top 3 scores:
83%

Location flexibility

81%

Hours flexibility

79%

Autonomy

Job Description

With over 18,000 employees worldwide, the mission of the Customer Experience & Success (CE&S) organization is to empower customers to accelerate business value through differentiated customer experiences that leverage Microsoft’s products and services, ignited by our people and culture. Come join CE&S and help us build a future where customers achieve their business outcomes faster with technology that does more.

The mission of the Microsoft Detection and Response Team (DART) part of CE&S is to empower organizations to combat cyber threats through intelligence-driven investigation and strategic mitigation, leveraging our expertise to safeguard digital assets. Our vision is to be the leading provider of expert incident response services, significantly reducing the time to investigate and neutralize threats, and fostering a resilient and secure digital future for all.

The Microsoft Incident Response team are seeking a skilled and experienced lead investigator to join our team, who is the first port of call for many customers during a security incident. This role presents an opportunity to be the tip of the spear during incident response engagements, the key point of contact and decision maker throughout an incident. You will be presenting investigative findings to stakeholders from every part of the business with a particular focus on the executive team members. Strong knowledge of all aspects of large-scale incident response management is key along with strong leadership skills, ideally with experience in both on premises and cloud environments. The ability to communicate technical content with clarity and context is a priority, alongside solid knowledge of nation state and cybercrime attack techniques. A desire to fail fast and learn quickly is critical, along with strong analytical and critical thinking skills.

Along with leading reactive incident response cases for some of the most esteemed businesses in the world, lead investigators should be able to build trust and drive significant change in any business they come into contact with, have excellent documentation skills, and be confident in disseminating knowledge both across the team and across partner teams within Microsoft. Thought leadership is a key priority, in the form of written and spoken content delivered both internally and externally. Any successful candidate should also embody Microsoft’s culture and values.

The role is flexible in that you can work up to 100% from home however short notice travel to work onsite alongside customers could be 40% or higher as is demanded by the needs of our customers and business. This position may require you to work a rotational On-Call schedule, evenings, weekends or holiday shift. Though schedule changes are not frequent, you will need to have flexibility to accommodate changes as needed.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Responsibilities

Technical Delivery

This role will work as part of a collaborative team assisting our top customers with:

  • Contextualizing and prioritizing findings to put together a comprehensive account and briefing of the events that transpired during a security incident
  • Pulling together multiple disparate events to build and communicate a cohesive timeline of activity
  • Collaborating with stakeholders at every level of the business, including legal, compliance, cybersecurity, engineering, and executive functions
  • Communicating key objectives and results with clarity and context
  • Managing all of the complexities of large-scale cybersecurity investigations for global multi-national organizations, serving as the primary point of contact

Research

Security threats are constantly evolving, and so must the Microsoft Incident Response team. To that end, this role will involve:

  • Leading research and analysis of security threats, and sharing findings across the team
  • Identifying, conducting, and supporting others in conducting research into critical security areas, such as current attacks, adversary tracking, and academic literature
  • Analyzing complex issues using multiple data sources to develop insights and identify security problems and threats. Creating new solutions to mitigate security issues
  • Recommending prioritization and validation methods for technical indicators, developing tools to automate analyses
  • Leads efforts to clean, structure, and standardize data and data sources; leads data quality efforts to ensure timely and consistent access to data sources

Thought Leadership

This role includes the ability to be at the forefront of Microsoft Security thought leadership by:

  • Developing written content for publication on Microsoft blog platforms
  • Developing presentations for delivery at internal and external conferences
  • Use the unique experiences of Microsoft Incident Response to create unique storytelling moments
  • Lead from the front by ideating, mentoring, and supporting thought leadership efforts across the team

Operational Excellence

Must be maintained by:

  • Completing operational tasks and readiness with timeliness and accuracy.
  • Following Microsoft policies, compliance, and procedures (e.g., Enterprise Services Authorization Policy, Standards of Business Conduct, labor logging, expenses, travel guidelines).
  • Leading by example and guiding team members on operational tasks, readiness, and compliance.

Qualifications

Required/Minimum Qualifications:

  • Degree in Statistics, Mathematics, Computer Science or related field OR experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection.
  • Incident Response Leadership: Experience in high pressure incident response environments where customers are experiencing a potentially business-ending event and your evidence-driven plans of action dictate their next steps. This skill set should include but is not limited to:
  • Lead and manage high-profile incident response efforts for some of the world’s largest businesses
  • Coordinate and lead all key stakeholders as the primary point of contact for major incidents. This could include technical teams, executives, consultants, and partners
  • Identify gaps early in the engagement process and request appropriate resources to fill those gaps
  • Balance the need for rapid recovery with data collection and evidence preservation.
  • Direct activities to secure Enterprise-scale environments and assess potential data exfiltration or data collection
  • Management of large scale incidents in a follow-the-sun format working with fellow team members from across the globe
  • Contextual application of MITRE Attack Framework and or OSI Model.
  • Delivery of complex and technical discussions effectively to customer representatives of varying levels

Additional or Preferred Qualifications

  • Security Certifications in any of the following: OSCP, CISSP, SANS Certifications, SC Certifications from Microsoft.
  • Experience working with methods utilized for evidence collection, maintenance of chain of custody and associated documentation, evidence storage and analysis, and evidentiary reporting.
  • Eligibility or currently active government security clearance.

Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.

Company benefits

Wellbeing allowance
Health insurance
Dental coverage
Gym membership
Mental health platform access
Buy or sell annual leave
Shared parental leave
Charity donation scheme
Employee assistance programme
Employee discounts
Volunteer days
Fertility treatment leave
Open to compressed hours
Open to job sharing
Fertility benefits
Enhanced sick pay
Enhanced sick days
Compassionate leave
Travel insurance
20 days annual leave + bank holidays
Enhanced maternity leave
Enhanced paternity leave
Adoption leave
Childcare credits
Carer’s leave
Cycle to work scheme
Faith rooms
Annual bonus
Annual pay rises
Company car
Hackathons
Open to part-time employees
Pregnancy loss leave
Life insurance
Equity packages
Financial coaching
Relocation packages
Sabbaticals
Enhanced pension match/contribution

We asked employees of Microsoft UK what it's like to work there, and this is what they told us.

Location flexibility
83%
Employees are very happy with their working location freedom
Hours flexibility
81%
Employees are very happy with the flexibility in the hours they work
Benefits
67%
Employees are largely happy with the benefits their company offers
Work-life balance
63%
Employees feel that they can switch off quite easily from work
Role modelling
74%
Employees feel that most people work flexibly
Autonomy
79%
Employees feel that they can mostly manage how they get their own work done

Working at Microsoft UK

Company employees

Globally: 228,000

Gender diversity (male:female)

67:33

Currently Hiring Countries

United Kingdom

Office Locations

Awards & Achievements

Most flexible companies

Most flexible companies

Flexa100 2024