Applications for this job have closed.

Senior Security Incident Handler


Location: Redmond, Washington

Job Type: Full time


Are you looking for an exciting opportunity to lead Microsoft's response efforts to protect over a billion customers around the world? Are you excited about cybersecurity and ready to join a passionate security response team dedicated to protecting customers from emerging cybersecurity threats? If so, this role may be your next opportunity. Microsoft Security Response Center (MSRC) is looking for motivated and experienced security professionals to join our growing team to coordinate Microsoft’s response to the most critical security issues facing our customers. When you read about hackers in the news; when the integrity of our products is at stake; or when a zero-day exploit is being used to attack customers, the MSRC incident response team works across Microsoft to rapidly defend Microsoft and its customers against these threats.

The opportunity for leadership that accompanies this individual contributor position is unique. You will regularly connect with the most senior leaders at Microsoft up to and including the CEO. You will manage and lead all parties involved in security incidents, make key risk decisions, and inform executive leadership in an overall effort to help protect customers, make our products and services more secure, and protect our brands. Excellent communications, strong interpersonal awareness, attention to detail, and the ability to foster cooperation and trust across teams are keys to success in this role. Strong program management skills for organizing information, breaking down complex problems, and working effectively in situations involving uncertainty are must-haves.

#MSFTSecurity #SCIMJobs #SecurityJobs


What are the role’s key deliverables? What will they spend their time doing?

  • Perform cyber defense incident and/or vulnerability triage to determine scope, urgency, and potential risk impact.
  • Make high-stakes decisions that enable expeditious remediation of risk to protect customers and Microsoft.
  • Track and document cyber defense incidents from initial escalation through final resolution.
  • Provide tactical security decisions and coordinate enterprise-wide cyber defenders to resolve incidents.
  • Send timely and clear executive updates explaining the risk to customers and Microsoft.
  • Advise and validate customer notifications and/or authoritative security guidance for customers.
  • Conduct incident analysis and produce reports and briefs informing threat landscape trends and future investment areas to improve security.


Required/Minimum Qualifications:

  • 5+ years of combined experience in any of the following: software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), and/or operations incident response.
  • Demonstrated ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative, and actionable manner.

Additional or Preferred Qualifications:

  • 7+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection.
  • CISSP, CISA, CISM, SANS, GCIA, GCIH, OSCP, and/or Security+ certification.
  • Demonstrated ability to work well under pressure while maintaining a professional image and approach.
  • One or more of the following would be an advantage:
      • Experience with large scale and complex incidents of all types, including APT, DDoS, malicious insider, web and mobile applications, and data exfiltration.
      • Strong foundational knowledge in information technology, including cloud services, hardware, networking, architecture, protocols, file systems, and operating systems.

Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.