
Cyber Security Incident Response Lead

United Kingdom, Multiple Locations · Job Posted February 03, 2026

Job Description

The Microsoft Detection and Response Team (DART) is seeking a skilled and experienced lead investigator to join our team. The lead investigator is the first port of call for many customers during a security incident. This role presents an opportunity to be the tip of the spear during incident response engagements, serving as the key point of contact and decision maker throughout an incident. You will present investigative findings to stakeholders from every part of the business, with a particular focus on executive team members. Hands-on experience and knowledge of all aspects of large-scale incident response management are key, along with strong leadership skills, ideally with experience in both on-premises and cloud environments. The ability to communicate technical content with clarity and context is a priority, alongside solid knowledge of nation-state and cybercrime attack techniques. A desire to fail fast and learn quickly is critical, along with strong analytical and critical-thinking skills. In addition to leading reactive incident response cases for some of the most esteemed businesses in the world, lead investigators should be able to build trust and drive significant change in any business they come into contact with, have excellent documentation skills, and be confident in disseminating knowledge both across the team and across partner teams within Microsoft. Thought leadership is a key priority, in the form of written and spoken content delivered both internally and externally. Any successful candidate should also embody Microsoft’s culture and values.

Job Responsibility

  • Contextualizing and prioritizing findings to put together a comprehensive account and briefing of the events that transpired during a security incident
  • Pulling together multiple disparate events to build and communicate a cohesive timeline of activity
  • Collaborating with stakeholders at every level of the business, including legal, compliance, cybersecurity, engineering, and executive functions
  • Communicating key objectives and results with clarity and context
  • Managing all of the complexities of large-scale cybersecurity investigations for global multi-national organizations, serving as the primary point of contact
  • Leading research and analysis of security threats, and sharing findings across the team
  • Identifying, conducting, and supporting others in conducting research into critical security areas, such as current attacks, adversary tracking, and academic literature
  • Analyzing complex issues using multiple data sources to develop insights and identify security problems and threats
  • Creating new solutions to mitigate security issues
  • Recommending prioritization and validation methods for technical indicators, developing tools to automate analyses
  • Leading efforts to clean, structure, and standardize data and data sources
  • Leading data quality efforts to ensure timely and consistent access to data sources
  • Developing written content for publication on Microsoft blog platforms
  • Developing presentations for delivery at internal and external conferences
  • Using the unique experiences of Microsoft Incident Response to create unique storytelling moments
  • Leading from the front by ideating, mentoring, and supporting thought leadership efforts across the team
  • Completing operational tasks and readiness with timeliness and accuracy
  • Following Microsoft policies, compliance, and procedures
  • Leading by example and guiding team members on operational tasks, readiness, and compliance

Requirements

  • Doctorate in Computer Science, Computer Security, or related field
  • OR Master's Degree in Computer Science, Computer Security, or related field AND several years' experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
  • OR Bachelor's Degree in Computer Science, Computer Security, or related field AND several years' experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
  • OR equivalent experience
  • Experience in high pressure incident response environments
  • Lead and manage high-profile incident response efforts for some of the world’s largest businesses
  • Coordinate and lead all key stakeholders as the primary point of contact for major incidents
  • Identify gaps early in the engagement process and request appropriate resources to fill those gaps
  • Balance the need for rapid recovery with data collection and evidence preservation
  • Direct activities to secure Enterprise-scale environments and assess potential data exfiltration or data collection
  • Management of large-scale incidents in a follow-the-sun format
  • Contextual application of the MITRE ATT&CK framework and/or the OSI model
  • Delivery of complex and technical discussions effectively to customer representatives of varying levels
  • Security Certifications in any of the following: OSCP, CISSP, SANS Certifications, SC Certifications from Microsoft
  • Experience working with methods utilized for evidence collection, maintenance of chain of custody and associated documentation, evidence storage and analysis, and evidentiary reporting
  • Eligibility for, or a currently active, government security clearance
