New job, posted less than a week ago!
Job Details
Posted date: Jan 28, 2026
There have been 2 jobs posted with the title of Cyber Security Incident Response Lead all time at Microsoft.There have been 2 Cyber Security Incident Response Lead jobs posted in the last month.
Category: Security Research
Location: Greater Toronto, Ontario
Estimated salary: $159,150
Range: $114,400 - $203,900
Employment type: Full-Time
Travel amount: 25.0%
Work location type: 0 days / week in-office – remote
Role: Individual Contributor
Description
OverviewWith more than 45,000 employees and partners worldwide, the Customer Experience and Success (CE&S) organization is on a mission to empower customers to accelerate business value through differentiated customer experiences that leverage Microsoft’s products and services, ignited by our people and culture. We drive cross-company alignment and execution, ensuring that we consistently exceed customers’ expectations in every interaction, whether in-product, digital, or human-centered. CE&S is responsible for all up services across the company, including consulting, customer success, and support across Microsoft’s portfolio of solutions and products. Join CE&S and help us accelerate AI transformation for our customers and the world.
The Global Customer Success (GCS) organization, an organization within CE&S, is leading the effort to enable customer success on the Microsoft Cloud by harnessing leading, AI-powered capabilities and human expertise to deliver innovation solutions that accelerate business value, drive operational excellence and nurture long term loyalty.
The Microsoft Detection and Response Team (DART) are seeking a skilled and experienced Cyber Security Incident Response Lead investigator to join our team, who is the first port of call for many customers during a security incident. This role presents an opportunity to be the tip of the spear during incident response engagements, the key point of contact and decision maker throughout an incident. You will be presenting investigative findings to stakeholders from every part of the business with a particular focus on the executive team members. Hands on experience and knowledge of all aspects of large-scale incident response management is key along with strong leadership skills, ideally with experience in both on premises and cloud environments. The ability to communicate technical content with clarity and context is a priority, alongside solid knowledge of nation state and cybercrime attack techniques. A desire to fail fast and learn quickly is critical, along with strong analytical and critical thinking skills.
Along with leading reactive incident response cases for some of the most esteemed businesses in the world, lead investigators should be able to build trust and drive significant change in any business they come into contact with, have excellent documentation skills, and be confident in disseminating knowledge both across the team and across partner teams within Microsoft. Thought leadership is a key priority, in the form of written and spoken content delivered both internally and externally. Any successful candidate should also embody Microsoft’s culture and values.
Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
Responsibilities
Technical Delivery
This role will work as part of a collaborative team assisting our top customers with:  Contextualizing and prioritizing findings to put together a comprehensive account and briefing of the events that transpired during a security incident Pulling together multiple disparate events to build and communicate a cohesive timeline of activity Collaborating with stakeholders at every level of the business, including legal, compliance, cybersecurity, engineering, and executive functions Communicating key objectives and results with clarity and context Managing all of the complexities of large-scale cybersecurity investigations for global multi-national organizations, serving as the primary point of contact.
Research
Security threats are constantly evolving, and so must the Microsoft Incident Response team. To that end, this role will involve: Leading research and analysis of security threats, and sharing findings across the team Identifying, conducting, and supporting others in conducting research into critical security areas, such as current attacks, adversary tracking, and academic literature Analyzing complex issues using multiple data sources to develop insights and identify security problems and threats. Creating new solutions to mitigate security issues Recommending prioritization and validation methods for technical indicators, developing tools to automate analyses Leads efforts to clean, structure, and standardize data and data sources; leads data quality efforts to ensure timely and consistent access to data sources.
Thought Leadership
This role includes the ability to be at the forefront of Microsoft Security thought leadership by: Developing written content for publication on Microsoft blog platforms Developing presentations for delivery at internal and external conferences Use the unique experiences of Microsoft Incident Response to create unique storytelling moments Lead from the front by ideating, mentoring, and supporting thought leadership efforts across the team.
Operational Excellence 
Must be maintained by: Completing operational tasks and readiness with timeliness and accuracy. Following Microsoft policies, compliance, and procedures (e.g., Enterprise Services Authorization Policy, Standards of Business Conduct, labor logging, expenses, travel guidelines). Leading by example and guiding team members on operational tasks, readiness, and compliance. 
Qualifications
Required Qualifications:
Doctorate in Computer Science, Computer Security, or related fieldOR Master's Degree in Computer Science, Computer Security, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR Bachelor's Degree in Computer Science, Computer Security, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detectionOR equivalent experience.
Other Requirements:
Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud Background Check upon hire/transfer and every two years thereafter. Preferred Qualifications:Doctorate in Computer Science, Computer Security, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detectionOR Master's Degree in Computer Science, Computer Security, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detectionOR Bachelor's Degree in Computer Science, Computer Security, or related field AND 8+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detectionOR equivalent experienceSecurity Certifications in any of the following: OSCP, CISSP, SANS Certifications, SC Certifications from Microsoft. Experience working with methods utilized for evidence collection, maintenance of chain of custody and associated documentation, evidence storage and analysis, and evidentiary reporting. Eligibility to obtain or currently active government security clearance. Incident Response Leadership: Experience in high pressure incident response environments where customers are experiencing a potentially business-ending event and your evidence-driven plans of action dictate their next steps.  This skill set should include but is not limited to:Lead and manage high-profile incident response efforts for some of the world’s largest businessesCoordinate and lead all key stakeholders as the primary point of contact for major incidents. This could include technical teams, executives, consultants, and partnersIdentify gaps early in the engagement process and request appropriate resources to fill those gapsBalance the need for rapid recovery with data collection and evidence preservation.Direct activities to secure Enterprise-scale environments and assess potential data exfiltration or data collectionManagement of large scale incidents in a follow-the-sun format working with fellow team members from across the globeContextual application of MITRE Attack Framework and or OSI Model.Delivery of complex and technical discussions effectively to customer representatives of varying levels
#CES #GCS #DART
Security Research IC4 - The typical base pay range for this role across Canada is CAD $114,400 - CAD $203,900 per year.
Find additional pay information here:
https://careers.microsoft.com/v2/global/en/canada-pay-information.html
Security Research IC4 - L'échelle salariale de base typique pour ce rôle dans l'ensemble du Canada est de 114,400 $ CAD à 203,900 $ CAD par année.
Pour plus d'information au sujet de la rémunération, veuillez cliquer ici:
https://careers.microsoft.com/v2/global/en/canada-pay-information.html
Ce poste sera ouvert pendant au moins cinq jours et les candidatures seront acceptées de façon continue jusqu’à ce que le poste soit pourvu.
This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.
Microsoft est un employeur offrant l’égalité d’accès à l’emploi. Tous les candidats qualifiés seront pris en considération pour l’emploi, sans égard à l’âge, à l’ascendance, à la citoyenneté, à la couleur, aux congés médicaux ou familiaux, à l’identité ou à l’expression de genre, aux renseignements génétiques, à l’état d’immigration, à l’état matrimonial, à l’état de santé, à l’origine nationale, à un éventuel handicap physique ou mental, à l’affiliation politique, au statut de vétéran protégé ou au statut militaire, à la race, à l’ethnie, à la religion, au sexe (y compris la grossesse), à l’orientation sexuelle ou à toute autre caractéristique protégée par les lois, ordonnances et règlements locaux applicables. Si vous avez besoin d’aide avec des accommodements religieux et/ou d’un accommodement raisonnable en raison d’un handicap pendant le processus de candidature, apprenez-en plus sur la demande d’accommodement.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.
Check out other jobs at Microsoft.