Cyber Incident Response Manager

  • Full-Time
  • Redmond, WA
  • Microsoft
  • Posted 3 years ago – Accepting applications
Job Description
Cloud Operations and Innovation (CO+I) is the engine that powers Microsoft's cloud services. The team is responsible for designing, building and operating our unified global datacenters; managing the demand planning and capacity utilization of our unified infrastructure; and responsible for all of the operations needed to run the physical infrastructure (including supply chain, hardware, power, security, and workflow teams). We focus on smart growth with an emphasis on automation, data driven engineering, cost-effectiveness, and environmental sustainability.
We deliver the core infrastructure and foundational technologies for Microsoft's over 200 online businesses including Bing, MSN, Office 365, Xbox Live, Skype, OneDrive and the Microsoft Azure platform. Our infrastructure is comprised of a large global portfolio of more than 100 datacenters and 1 million servers. Our portfolio is built and managed by a team of subject matter experts working 24x7x365 to support services for more than 1 billion customers and 20 million businesses in over 90 countries worldwide.
Our core infrastructure is a target for cyber criminals and nation-state adversaries that seek to bring harm to our businesses, customers, and staff. Holding the line against them is the Datacenter Cyber Defense team! We are Microsoft's industrial strength security team!
With a focus on safety, resilience, and recovery, the Datacenter Cyber Defense team is responsible for fielding and operating our datacenters' cyber security systems, controls and processes that protect and defend Microsoft's datacenter operational technologies (OT), industrial scenarios and other mission critical infrastructures.
In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.
Responsibilities
The Datacenter Cyber Defense team is seeking a Cyber Security Incident Response Manager to join our Datacenter Cyber Defense Team! This role is responsible for establishing a strategy to handle cyber security incidents across the CO+I organization and facilities. You will help to establish a team that will be focused on patrolling to look for and responding to potential cyber threats and intrusions! As we grow, you and your team will be taking part in providing 24/7 security incident response support for business-critical network infrastructures.
Our hyper-scale network systems, programs, and projects need to span hundreds of sites. To accomplish these outcomes, you will work closely with peer datacenter engineering and support teams, datacenter design and build teams, and key decision makers across CO+I. You will develop and rely heavily on key partnerships with global Datacenter Operations teams, security engineering teams and datacenter teams responsible for the design and delivery of datacenters, as well as our own Cyber Defense Operations Center (CDOC) and Microsoft Security Response Center (MSRC).
A successful candidate will possess a range of experience in the areas of Cyber Security Incident Response and Operations Management. They will have a deep understanding of cyber-attack and kill chains, and hands-on experience with exploitation of vulnerabilities. Specific activities include responding to potential security events, developing standard procedures, reviewing logs, generating detailed documentation, and providing input to technical and business leaders on improvements for incident response effectiveness. Due to our hyper-scale, an understanding of how to optimize cyber incident response frameworks leveraging security orchestration and automation tooling will be critical to succeed. Other key attributes for successful candidates include network security engineering experience and deep knowledge of Industrial Control System and SCADA network protocol security. Strong documentation skills, along with interpersonal awareness, proactivity, and a proven ability to deliver on multiple simultaneous cross-group dependent Incident Response efforts will be necessary for success. Familiarity with advanced design processes and concepts in securing large data center networks and support infrastructures, along with a working knowledge of Visio and Microsoft Office software, are a plus.
Qualifications
  • Over 5 years of experience performing Cyber Security Incident Investigations and Response
  • 10+ years of network experience in production networking or datacenter environments
  • Familiarity with Industrial Control System Security Frameworks, e.g. NIST 800-82R2, ISO 62443/ISA99
  • Experience working with and inside of Operational Technology (OT) networks
  • Certification in Digital Forensics and Incident Response
  • Experience creating and running Incident Response Playbooks
  • Experience with training and mentoring others to improve their security skillsets
  • 5 years' experience operating and leveraging Network Security controls such as L7 firewalls, Intrusion Detection Systems (IDS), or other advanced security controls to respond to or contain security incidents and/or risks.
  • Proven ability to influence and persuade others to influence design and operational outcomes without direct-line authority.
  • Ability to balance competing demands for resources and adapt to changing priorities.
  • Proven ability to deliver projects on-time and within budget.
  • Proven ability to apply clear critical thinking in complex, stressful situations.
  • Provide meaningful and timely reporting of security success metrics.
  • Experience defining and documenting technical procedures, incident response playbooks, and support processes for Incident Response
  • Once safe for employees, travel will be involved (up to 25%).

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter. #COICareers #COIEngCareers
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.