Cybersecurity Incident Response Engineer

1 week ago


Singapore NodeFlair Full time

**Job Summary**:
**Salary**
S$12,700 - S$16,400 / Monthly

**Job Type**

**Seniority**

Mid

**Years of Experience**
At least 5 years

**Tech Stacks**
OpenID, Strategy, PowerShell, OAuth, SAML, Windows Server, LDAP, Microsoft, Jupyter, VMware, Puppet, Azure, Linux, Splunk, Ansible, Python

**Overview**:
With over 18,000 employees worldwide, the Microsoft Customer Experience & Success (CE&S) organization is responsible for the strategy, design, and implementation of Microsoft’s end-to-end customer experience. Come join CE&S and help us build a future where customers come to us not only because we provide industry-leading products and services, but also because we provide a differentiated and connected customer experience.

The Global Customer Success (GCS) organization is leading the effort to create the desired customer experience through support offer creation, driving digital transformation across our tools, and delivering operational excellence across CE&S.

The Detection and Response Team (DART) is hiring for a Cybersecurity Incident Response Infrastructure Specialist to join the team. The DART team provides holistic security incident response leadership and investigations for its customers and helps our customers become cyber-resilient.

This role is a crucial part of a collaborative team whose members serve as infrastructure specialists and help our customers collect data critical to the success of an investigation, containment, and recovery in the midst of a cyber-attack. You will also implement containment measures and proactively address threats while ensuring large-scale infrastructure recovery.

This role is flexible in that you can work up to 100% from home.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

**Responsibilities**:
**Security Software Deployment**
- Lead the deployment and configuration of security tooling at scale across the Microsoft Defender suite of products.
- Provide expert-level support for various identity platforms as well as identity management (IdM) solutions.
- Provide direct feedback to both development teams and product groups for continued product improvements.
- Troubleshoot issues related to the deployment of security tooling.

**Threat Containment**
- Develop and implement threat containment strategies to prevent the escalation of security incidents within the Active Directory, network, and client environments.
- Work in coordination with the larger incident response team to contain and mitigate security threats promptly.
- Implement security measures following both Microsoft and industry standards to contain threats both on-premises and in the cloud.

**Recovery**
- Recovery of Active Directory forests from destructive cyber-attacks.
- Recovery of key infrastructure components across Microsoft technologies, both on-premises and in the cloud.
- Recovery of authentication services such as Active Directory Federation Services and Active Directory Certificate Services.

**Threat Hunting**
- Conduct threat hunting across customers' networks, using indicators of compromise to find evidence of a compromise.
- Conduct incident response within various cloud platforms.
- Identify attacker tools, tactics, and procedures to develop indicators of compromise.
- Identify and investigate intrusions to determine the cause and extent of the breach by leveraging EDR solutions and threat intelligence sources.

**Troubleshooting Active Directory L300/400: Replication, Group Policy, DFSR**
- Able to understand complex Active Directory environments and resolve issues relating to AD health.
- Experience of supporting complex multi-forest AD topologies
- Experience in authoring and triaging Group Policies in large, regulated environments
- Ability to identify defects or misconfiguration in AD services

**Troubleshooting Windows Server OS Roles (DNS, DFS, Clustering, Storage, Networking)**
- Experience triaging Server roles to restore systems to production state
- Understanding of core networking technologies (DNS, Routing/Switching, Firewalls)

**Troubleshooting Virtualization Platforms (VMware, Hyper-V etc)**
- Experience administering virtual platforms
- Experience in backup/recovery of virtual platforms

**Managing and Configuring Endpoint Security Platforms**
- Experience administering Endpoint Security Platforms (Microsoft Defender Suite, CS, Falcon, etc.)
- Experience configuring Endpoint Security Platforms (IOCs, agent settings, deployment methods)
- Analyzing endpoint security telemetry using KQL, Python, Jupyter, etc.
- Exhaust all investigative leads in the expectation of discovering novel attacker techniques. Investigate and research these tech


