Microsoft Cybersecurity Incident Response Coordinator


Job Details

Posted date: Mar 05, 2026

Category: Security Research

Location: Multiple Locations, Multiple Locations

Estimated salary: $188,900
Range: $119,800 - $258,000

Employment type: Full-Time

Travel amount: 25.0%

Work location type: 0 days / week in-office – remote

Role: Individual Contributor


Description

Overview

With more than 45,000 employees and partners worldwide, the Customer Experience and Success (CE&S) organization is on a mission to empower customers to accelerate business value through differentiated customer experiences that leverage Microsoft’s products and services, ignited by our people and culture. We drive cross-company alignment and execution, ensuring that we consistently exceed customers’ expectations in every interaction, whether in-product, digital, or human-centered. CE&S is responsible for all up services across the company, including consulting, customer success, and support across Microsoft’s portfolio of solutions and products. Join CE&S and help us accelerate AI transformation for our customers and the world.

The Microsoft Incident Response Team - Detection and Response Team (DART) is seeking a skilled and experienced Cybersecurity Incident Response Coordinator to join our team. DART is the first port of call for many customers during a security incident. This pivotal, customer-facing position calls for a tactical and agile leader and influencer, one who is adept at managing complex cybersecurity incidents, fostering synergistic teamwork across multifaceted groups and ensuring the effective staffing and resolution of both proactive and reactive deliveries.

This position is tailored for an individual who not only excels in cybersecurity technical acumen, but also demonstrates robust capabilities in engaging with clients and customers and adjusting to the evolving demands of incident response operations. Should you possess the requisite skills and feel prepared to embrace this opportunity, we would be eager to review your candidacy.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Responsibilities

Operational Management

This role will work as part of a collaborative team providing the following support:

Scope customer engagements as part of pre-engagement activities, including assessing client needs, defining desired outcomes, and estimating resources and timelines to ensure a successful delivery.

Oversee escalation pathways, ensuring timely responses, directing issues to the appropriate delivery teams, monitoring progress to resolution, and raising matters to leadership when necessary, especially in cases of an urgent and sensitive nature.

Collaborate closely with delivery teams to manage and resolve customer escalations promptly and effectively, ensuring customer satisfaction and maintaining delivery timelines.

Oversee staffing and capacity planning for engagements and special event support, ensuring the appropriate allocation of resources to meet demand and client needs effectively.

Fulfill on-call duties on a scheduled rotation, inclusive of weekends and holidays.

Manage and document the implementation of incident management frameworks and procedures.

Collaborate with internal teams, including Legal, Security Research, Product Groups, and others, to address and resolve emerging issues.

Ensure operational processes maintain alignment with business objectives.

Track the status of operational activities, ensuring schedules and priorities are met.

Manage daily and weekly communication and status reporting proactively.

Lead daily and weekly standup meetings and follow up on meeting minutes and action items.

Identify trends in customer activity that may require an adjustment in operational engagement.

Operational Excellence  

Must be maintained by:

Following Microsoft policies, compliance, and procedures (e.g., Enterprise Services Authorization Policy, Standards of Business Conduct, labor logging, expenses, travel guidelines).

Completing operational tasks and readiness with timeliness and accuracy.

Leading by example and guiding team members on operational tasks, readiness, and compliance.  

Exercising rigor in meticulous data tracking and concise, detailed communications.

Qualifications

Required Qualifications:

Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field

OR Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection

OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection

OR equivalent experience.

Other Requirements:

Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:

Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud Background Check upon hire/transfer and every two years thereafter.

Preferred Qualifications:

Doctorate in Computer Science, Computer Security, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection

OR Master's Degree in Computer Science, Computer Security, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection

OR Bachelor's Degree in Computer Science, Computer Security, or related field AND 8+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection

OR equivalent experience.

Flexibility to work shifts, including assignments during non-standard business hours that may include evening, nighttime, weekends, and/or holidays.

2+ years of hands-on experience with Active Directory, Entra ID, or other enterprise identity platforms and/OR 2+ years threat hunting, Windows forensics OR 2+ years pentesting experience.

1+ years ability to script or automate tasks using PowerShell or similar tools or 1+ years KQL experience.

Experience in high-pressure reactive incident response environments where customers are experiencing a potentially business-ending event and your evidence-driven plans of action dictate their next steps.

This skill set should include but is not limited to:

Lead and manage high-profile incident response efforts for some of the world’s largest businesses.

Coordinate and lead all key stakeholders as the primary point of contact for major incidents. This could include technical teams, executives, consultants, and partners.

Identify gaps early in the engagement process and request appropriate resources to fill those gaps.

Balance the need for rapid recovery with data collection and evidence preservation.

Direct activities to secure Enterprise-scale environments and assess potential data exfiltration of data collection.

Management of large scale incidents in a follow-the-sun format working with fellow team members from across the globe.

Contextual application of MITRE ATT&CK Framework and/or OSI Model.

Delivery of complex and technical discussions effectively to customer representatives of varying levels.

Security Certifications in any of the following: OSCP, CISSP, SANS Certifications, SC Certifications from Microsoft.

Experience working with methods utilized for evidence collection, maintenance of chain of custody and associated documentation, evidence storage and analysis, and evidentiary reporting.

Seasoned expertise in Incident Management or the Incident Response sector, with a focus on enhancing the efficacy and efficiency of incident management operations.

Resilience under stress, coupled with a readiness to occasionally operate beyond standard business hours to assist with incidents.

Effective interpersonal and communication abilities, conducive to productive collaboration within diverse team structures.

Proactive approach in initiating actions and advocating for improvements to establish more streamlined and effective incident management processes.

Security Research IC4 - The typical base pay range for this role across the U.S. is USD $119,800 - $234,700 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $158,400 - $258,000 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:

https://careers.microsoft.com/us/en/us-corporate-pay

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.


