With over 18,000 employees worldwide, the Microsoft Customer Experience & Success (CE&S) organization is responsible for the strategy, design, and implementation of Microsoft’s end-to-end customer experience. Come join CE&S and help us build a future where customers come to us not only because we provide industry-leading products and services, but also because we provide a differentiated and connected customer experience. The Global Customer Success (GCS) organization is leading the effort to create the desired customer experience through support offer creation, driving digital transformation across our tools, and delivering operational excellence across CE&S. We are looking for a Cybersecurity Incident Response Team Lead to join our organization. Are you looking for an exciting opportunity to lead Microsoft''s response efforts to protect over a billion customers around the world? Are you excited about cybersecurity and ready to join a passionate security response team dedicated to protecting customers from emerging cybersecurity threats? If so, this role may be your next opportunity. Microsoft Detection and Response Team (DART) is looking for a motivate and experienced security professional to Lead and manage all aspects of Cybersecurity Incident Response engagements. The Team Lead plays a vital role in responding to major cybersecurity incidents. They guide multi-functional teams through the incident response process, ensuring a balance between speed of recovery, evidence preservation, and security of the restoration process. As a Lead Investigator, you’ll operate like the conductor of an orchestra, coordinating actions and adapting quickly to complex situations. Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. **Responsibilities** + Elevates findings appropriately to address and mitigate issues. + Balances value of dissemination over risk of divulging techniques. + Works with others to incorporate findings into future designs and analyses (e.g. creates working groups). + Leads data quality efforts to ensure timely and consistent access to data sources. + Leads efforts to clean, structure, and standardize data and data sources. + Creates a schedule for analysis of multiple feature areas. + Develops guidelines, models, and best practices to enable teams to avoid common patterns of issues. + Architects solutions across multiple teams and organizations, and automation related to specific kinds of security issues (e.g., signature detection, malware, threat analysis, reverse engineering). + Drives the development of guidance and education that result from resolution of security issues. + Advocates for key security issues and mitigations to teams and upper management. + Evangelizes security practices across the company. + Applies subject matter expertise and leads postmortem and root-cause analyses for complex and/or large-scale, live site issues to create repair items, specifies tools and systems that support incident management, and mitigates and resolves issues across organizations. + Ensures best practices for security architecture, design, and development are in place. + Incident Response Leadership: Experience in high pressure incident response environments where customers are experiencing a potentially business-ending event and your evidence-driven plans of action dictate their next steps. + Lead and manage incident response efforts during cybersecurity incidents by clearly understanding customer requirements + Identify gaps early in the engagement process and request appropriate resources to fill those gaps. + Coordinate with technical teams, consultants, and partners to orchestrate an appropriate response and ensure the engagement is completed on time to provide the most complete engagement for the customer. + Balance the need for rapid recovery with data collection and evidence preservation. + Direct activities to secure the environment and assess potential data theft + Management of large scale incidents in a follow-the-sun format working with fellow team members from across the globe. + Contextual application of MITRE Attack Framework and or OSI Model. + Embody our Culture (https://www.microsoft.com/en-us/about/corporate-values) and Values (https://careers.microsoft.com/us/en/culture) **Qualifications** **Required/Minimum Qualifications** + Doctorate in Statistics, Mathematics, Computer Science or related field OR 7+ years experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection. + 3+ years cybersecurity Incident response investigation experience. + 7+ years consulting experience. **Additional or Preferred Qualifications** + Doctorate in Statistics, Mathematics, Computer Science or related field OR 8+ years experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection. + Security Certifications in any of the following: OSCP, CISSP, SANs Certifications. Or SC Certifications from Microsoft. + Delivery of complex and technical discussions effectively to customer representatives of varying levels - from deep environment and platform technical considerations, through to communicating the effective impact and outcome of security posture recommendations to to be consumed both at the executive and technical practitioner level. + Experience working with methods utilized for evidence collection, maintenance of chain of custody and associated documentation, evidence storage and analysis, and evidentiary reporting. + Eligibility or currently active government security clearance Security Research IC5 - The typical base pay range for this role across the U.S. is USD $137,600 - $267,000 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $180,400 - $294,000 per year. Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay Microsoft will accept applications and processes offers for these roles on an ongoing basis. Ability to meet Microsoft, customer and / or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud Background Check upon hire / transfer and every two years thereafter. Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations (https://careers.microsoft.com/v2/global/en/accessibility.html) .