Sr. Service Engineer (Digital Security; Incident Response Team)
Redmond, Washington
October 22, 2017
Organization Mission / Information:

Each day our world creates new technology. New devices, new apps, new services. Which means new ways to do things, new ways to connect, new things to learn. And while each holds the promise of helping us get more done, with less effort, too often they simply become one more thing competing for our scarce time and attention. That’s why we need to rethink the way we make technology, and not simply make more. That’s why we need to reinvent productivity. Microsoft is helping people achieve more by giving them the best possible tools for any moment.

So how does Microsoft Core Services Engineering and Operations help, and in particular, how do Service Engineers help? CSE has two roles at Microsoft. First is the traditional enterprise engineering and operations role. We keep everything running smoothly, and ensure employees have a great experience as they collaborate with colleagues, customers and partners in over 100 countries. Second, we’re the company’s first commercial customer to deploy Microsoft software, services and hardware at scale. We innovate using cloud, BI and Big Data, mobile, social and security software and services, deploy and manage it, then provide the feedback and advocate for our customers with the Microsoft product engineering teams. In the end, we showcase our work to the industry.

Microsoft CSE employees make global impact on hundreds of thousands of customers and employees who use Microsoft software and services.

Job Description:
Are you passionate about Security and Privacy? Do you like solving problems? If so, the Digital Security & Risk Engineering (DSRE) Incident Response (IR) team has an opportunity for you. Currently the DSRE IR team is seeking a motivated, self-driven Security Engineer to be part of the DSRE Incident Response team.

The DSRE IR team is responsible for the detection and response to security incident activity and forensic investigations. This role also includes forming close partnerships with other Microsoft teams and building security capabilities within the Microsoft Cyber Defense Operations Center. Our focus is on smart growth, high efficiency, and delivering a trusted experience to customers and partners worldwide. We are looking for a passionate, high energy individual to respond to incidents and help build solutions that empower billions of customers.

You will be responsible for handling events and incidents using investigative best practices, highly variable problem solving, deep inspection of systems and files, detailed documentation, log analysis, forensic review of file systems, malware analysis, etc. This work requires developing and adhering to the highest standards of incident response. Additional duties include developing analytics, detections, delivering incident summary, trend and service performance information to peer teams, colleagues and executive stakeholders in both written and oral presentations.

This role will require situational support and extended coverage outside of normal work hours. This position includes a regular rotation for after-hours escalations.

Specific functions include:
• Monitor & respond to security events, potential vulnerabilities, exposures, and policy compliance issues. Lead and direct response efforts across stakeholder and partner teams.
• Provide security incident response and management, investigation, and consultation from incident start to issue closure. Develop after action reports and repair items.
• Evaluate security advisories and vulnerabilities to determine potential impact to specific services and environments.
• Provide and interpret security service metrics, key performance indicators and other reporting data. Create executive summaries and brief colleagues, peers, and executive stakeholders on incident activity.
• Evaluate security risks and threat intelligence and develop strategies and tactics to defend against evolving conditions.
• Create technical documentation such as case records, troubleshooting guides, standard operating procedures, and frequently asked questions.

• In-depth knowledge and understanding of Security Risk and Threat Assessment methodologies.
• Windows and network analysis skills required
• In-depth understanding of highly complex internet-based systems
• A strong technical background and/or a computer science degree
• The ability to analyze problems and make appropriate decisions quickly
• Ability to drive large, complex programs and solutions
• Excellent interpersonal and group dynamic skills
• Strong written & verbal communication and presentation skills
• Experience in developing correlations between disparate event sources and data sets
• Experience with managing multiple data sets and relational databases
• Highly developed analytical skills and demonstrated judgement to make appropriate decisions quickly
• Outstanding problem-solving skills and passion to work on hard problems as part of a team

• Bachelor's degree or 4+ years’ experience in a technical field.
• 3+ years of experience with one or more of the following:
- Security Information and Event Management (SIEM) systems
- Network Intrusion Detection System/Intrusion Prevention Systems (IDS/IPS)
- Host Intrusion Detection System/Intrusion Prevention Systems (IDS/IPS)
- Network and Host malware detection and prevention
- Network and Host forensic applications
- Windows Defender Advanced Threat Protection and similar security technologies

The ideal candidate will have experience in a team environment, experience running and designing enterprise scale services and platforms, technical depth in cloud platforms, agile development practices, and experience in designing & tuning telemetry. In addition, this position requires an individual who can demonstrate the ability to ensure highly resilient and scalable service designs through partnership with other members of the service team.

• Demonstrated forensic experience
• *nix skills
• PowerShell and PowerBI
• Experience in automation, specifically related to deployment, recovery, or other manual processes.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to


A little about us:
Microsoft offers training and employment opportunities to help you turn your military experience and skills into a civilian technology career.