Date posted: Apr 04, 2024; Job number: 1700956; Work site: Up to 100% work from home; Travel: 25-50%; Role type Profession Program Management Customer Experience Engineering; Employment type: Full-Time

Cybersecurity Incident Response Infrastructure Specialist

Auckland, Auckland, New Zealand

Overview

Why Microsoft

With over 18,000 employees worldwide, the Microsoft Customer Experience & Success (CE&S) organization is responsible for the strategy, design, and implementation of Microsoft’s end-to-end customer experience.

Come join CE&S and help us build a future where customers come to us not only because we provide industry-leading products and services, but also because we provide a differentiated and connected customer experience.

The Detection and Response Team (DART) is looking for a Cybersecurity Incident Response Infrastructure Specialist to join the team.

The DART team provides holistic security incident response leadership and investigations for its customers and helps our customers become cyber-resilient.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals.

Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Qualifications

What skills do you need to have?

There will be many opportunities for you to learn and grow into this role and Microsoft.

Minimum qualifications

Minimum of 5 years in a relevant role.

Exceptional communication skills, both verbal and written.

Collaborative team player in customer-facing environments.

In-depth knowledge of Microsoft security fundamentals across various platforms.

Proficient in deploying advanced security technologies and management tools like Intune and MECM.

Skilled in Kusto Query Language, with scripting expertise in PowerShell or Python.

Advanced understanding of Windows authentication mechanisms and related services.

Experienced in managing hybrid identity solutions and troubleshooting related issues.

Comprehensive cybersecurity knowledge, particularly in identity security within Microsoft environments.

Proficient in cloud authentication protocols and technologies.

Knowledgeable in Conditional Access and identity management best practices.

Proven ability to understand and mitigate common cyber-attack strategies.

Extensive experience in Active Directory recovery and management.

Expertise in multifactor and passwordless authentication methods.

Proficiency in at least two Microsoft Defender products.

Experienced with SIEM and SOAR platforms like Microsoft Sentinel.

Familiarity with Linux internals.

The ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud Background Check upon hire/transfer and every two years thereafter.

Additional qualifications

Skilled in managing high-pressure incident response situations, guiding customers through critical decisions with evidence-based action plans.

Proficient in translating complex technical details into clear, actionable insights for stakeholders at all levels, including C-suite executives.

Collaborative team player, adept at workload sharing and global coordination with peers in a follow-the-sun model.

Capable of producing high-quality deliverables, such as action plans, briefings, and presentations, tailored for both executive and technical audiences.

Eligibility for a government security clearance is a plus.

Microsoft believes that by investing in our people and creating an inclusive environment, our team will do their best work.

See our complete list of benefits and why we are recognised as an Endorsed Employer for Women by WORK180.

Our mission is deeply inclusive.

What next?

Even if you feel you may not meet 100% of the criteria, please apply. You may exceed your own expectations, or we may have another opportunity that suits your potential.

While we’re not able to reach out directly to every applicant, we will always do our best to help you feel heard and supported throughout the experience.

In the meantime, please see our and for more information on our recruitment process.

Responsibilities

This role is a crucial part of a collaborative team that works together to serve as infrastructure specialists and help our customers collect data critical to the success of an investigation, containment and recovery in the midst of a cyber attack.

You will also implement containment measures, and proactively address threats while also ensuring large-scale infrastructure recovery.

This role is flexible in that you can work up to 100% from home.

Role Expectations:

Security Software Deployment:

Spearhead the large-scale deployment and setup of Microsoft Defender security solutions.

Offer advanced support for identity platforms and identity management (IdM) solutions.

Collaborate with development and product teams to enhance product capabilities.

Resolve deployment-related issues for security tools.

Threat Containment:

Formulate strategies to contain threats and prevent security incident escalation within Active Directory, network, and client environments.

Coordinate with the incident response team for timely threat containment and mitigation.

Enforce security protocols in line with Microsoft and industry benchmarks to safeguard both on-premises and cloud environments.

Recovery:

Restore Active Directory Forests following cyber-attacks.

Recover critical infrastructure components within Microsoft technologies, spanning both on-premises and cloud platforms.

Reinstate authentication services, including Active Directory Federation Services and Active Directory Certificate Services.

Threat Hunting:

Perform proactive threat hunting using indicators of compromise to detect potential breaches across networks.

Lead incident response efforts within various cloud environments.

Analyze attacker behavior to develop indicators of compromise and understand attack methodologies.

Utilize EDR solutions and threat intelligence to identify and investigate security breaches.

Troubleshooting Active Directory L300 / 400:

Diagnose and resolve complex Active Directory health issues within intricate environments.

Manage support for multi-forest AD topologies.

Develop and troubleshoot Group Policies in large, regulated settings.

Detect and rectify AD service misconfigurations or defects.

Troubleshooting Windows Server OS Roles:

Restore production state by resolving issues with Server roles.

Understand core networking technologies to troubleshoot related problems.

Troubleshooting Virtualization Platforms:

Administer and troubleshoot virtualization platforms like VMware and Hyper-V.

Implement backup and recovery processes for virtual environments.

Managing and Configuring Endpoint Security Platforms:

Administer various Endpoint Security Platforms like Microsoft Defender Suite.

Configure Endpoint Security settings, including IOCs and agent deployment.

Analyze security data using tools like KQL, Python, and Jupyter.

Security Trends and Research Evaluation:

Assess the impact of security trends and research on Microsoft, sharing insights with partner teams.

Utilize Threat Intelligence to enhance containment and harden customer environments, staying abreast of the evolving threat landscape.

On-Call and Travel Requirements:

Participate in an on-call rotation with potential off-time zone hours and weekend work.

Be prepared for short-notice travel, which may exceed 40%, to meet customer and business needs.

Flexibility in work location, accommodating a global position.

Benefits / perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

Industry leading healthcare

Educational resources

Discounts on products and services

Savings and investments

Maternity and paternity leave

Generous time away

Giving programs

Opportunities to network and connect
