CrawlJobs Logo

Cyber Security Incident Response Lead

https://www.microsoft.com/ Logo

Microsoft Corporation

Location Icon

Location:
United Kingdom , Multiple Locations

Category Icon
Category:
IT - Software Development

Job Type Icon

Contract Type:
Not provided

Salary Icon

Salary:

Not provided
Save Job
Save Icon
Apply Position

Job Description:

The Microsoft Detection and Response Team (DART) are seeking a skilled and experienced lead investigator to join our team, who is the first port of call for many customers during a security incident. This role presents an opportunity to be the tip of the spear during incident response engagements, the key point of contact and decision maker throughout an incident. You will be presenting investigative findings to stakeholders from every part of the business with a particular focus on the executive team members. Hands on experience and knowledge of all aspects of large-scale incident response management is key along with strong leadership skills, ideally with experience in both on premises and cloud environments. The ability to communicate technical content with clarity and context is a priority, alongside solid knowledge of nation state and cybercrime attack techniques. A desire to fail fast and learn quickly is critical, along with strong analytical and critical thinking skills. Along with leading reactive incident response cases for some of the most esteemed businesses in the world, lead investigators should be able to build trust and drive significant change in any business they come into contact with, have excellent documentation skills, and be confident in disseminating knowledge both across the team and across partner teams within Microsoft. Thought leadership is a key priority, in the form of written and spoken content delivered both internally and externally. Any successful candidate should also embody Microsoft’s culture and values.

Job Responsibility:

  • Contextualizing and prioritizing findings to put together a comprehensive account and briefing of the events that transpired during a security incident
  • Pulling together multiple disparate events to build and communicate a cohesive timeline of activity
  • Collaborating with stakeholders at every level of the business, including legal, compliance, cybersecurity, engineering, and executive functions
  • Communicating key objectives and results with clarity and context
  • Managing all of the complexities of large-scale cybersecurity investigations for global multi-national organizations, serving as the primary point of contact
  • Leading research and analysis of security threats, and sharing findings across the team
  • Identifying, conducting, and supporting others in conducting research into critical security areas, such as current attacks, adversary tracking, and academic literature
  • Analyzing complex issues using multiple data sources to develop insights and identify security problems and threats
  • Creating new solutions to mitigate security issues
  • Recommending prioritization and validation methods for technical indicators, developing tools to automate analyses
  • Leads efforts to clean, structure, and standardize data and data sources
  • leads data quality efforts to ensure timely and consistent access to data sources
  • Developing written content for publication on Microsoft blog platforms
  • Developing presentations for delivery at internal and external conferences
  • Use the unique experiences of Microsoft Incident Response to create unique storytelling moments
  • Lead from the front by ideating, mentoring, and supporting thought leadership efforts across the team
  • Completing operational tasks and readiness with timeliness and accuracy
  • Following Microsoft policies, compliance, and procedures
  • Leading by example and guiding team members on operational tasks, readiness, and compliance

Requirements:

  • Doctorate in Computer Science, Computer Security, or related field
  • Master's Degree in Computer Science, Computer Security, or related field AND several years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
  • Bachelor's Degree in Computer Science, Computer Security, or related field AND several years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
  • equivalent experience
  • Experience in high pressure incident response environments
  • Lead and manage high-profile incident response efforts for some of the world’s largest businesses
  • Coordinate and lead all key stakeholders as the primary point of contact for major incidents
  • Identify gaps early in the engagement process and request appropriate resources to fill those gaps
  • Balance the need for rapid recovery with data collection and evidence preservation
  • Direct activities to secure Enterprise-scale environments and assess potential data exfiltration or data collection
  • Management of large scale incidents in a follow-the-sun format
  • Contextual application of MITRE Attack Framework and or OSI Model
  • Delivery of complex and technical discussions effectively to customer representatives of varying levels
  • Security Certifications in any of the following: OSCP, CISSP, SANS Certifications, SC Certifications from Microsoft
  • Experience working with methods utilized for evidence collection, maintenance of chain of custody and associated documentation, evidence storage and analysis, and evidentiary reporting
  • Eligibility or currently active government security clearance

Additional Information:

Job Posted:
February 03, 2026

Employment Type:
Fulltime
Work Type:
Remote work
Icon
Microsoft Corporation - All Job Offers
Job Link Share:
Copy Link Icon
Facebook Icon Twitter Icon LinkedIn Icon

Looking for more opportunities? Search for other job offers that match your skills and interests.

Briefcase Icon

Similar Jobs for Cyber Security Incident Response Lead

Security Incident Management Analyst

The Security Incident Management Analyst is an intermediate level position respo...
Location
Location
Singapore , Singapore
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Relevant professional certifications issued by GIAC, AWS, etc., preferably GCCC, GCIH, CEH, ECSA
  • General Industry knowledge of reporting obligations pertaining to local and national laws and regulatory bodies such as OCC, SEC, ECB, MAS
  • Working knowledge of common security models (Defense-in-Depth) and frameworks (MITRE Attack, Cyber Kill Chain, STIX)
  • Working knowledge of VERIS taxonomy
  • Working knowledge of OSI model
  • Working knowledge of security and/or incident response in cloud environments
  • Working knowledge of software development best practices, including agile methods
  • Familiar with Atlassian tools
  • Previous experience working in highly regulated environment
  • Previous experience in a fusion center and/or exposure to large scale incident response
Job Responsibility
Job Responsibility
  • Work as part of a best in class ‘follow the sun’ security incident response team
  • Lead and manage incident response activities to ensure that requisite triage, containment, and eradication are completed within targeted timeframes
  • Ensure that the security incident record is complete, accurate and fit for purpose
  • Collect and analyze evidence including investigative findings and prepare to coordinate with internal and external compliance and audit personnel
  • Execute incident response meetings and communicate complex security topics
  • exhibit good judgment and discretion when initiating escalations to all levels of the organization
  • Ensure that controls are utilized daily and that non-compliance remediation is addressed by appropriate selection
  • Provide IS consulting services, including interpreting and/or clarifying information security policy, procedures, standards or concepts
  • Assist with defining and implementing information security standards to align procedures and practices in pursuit of compliance with Citigroup standards
  • Validate compliance with information security policies, practices, and procedures, and resolve a variety of information security related issues in coordination with the relevant business(es)
  • Fulltime
Read More
Arrow Right

Senior Cyber Security Consultant

Join Our Expert Team. We are seeking a skilled Senior Cyber Security Consultant ...
Location
Location
Austria , Vienna
Salary
Salary:
Not provided
alpenite.com Logo
Arsenalia
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Master’s degree in Computer Science, Cybersecurity, Engineering or similar fields
  • 6-8 years of experience in senior cybersecurity roles, with at least 3 years in technical leadership positions
  • Solid expertise in enterprise security architectures, zero-trust frameworks, and multi-cloud security (AWS, Azure, GCP)
  • Proven track record in managing enterprise security programs and coordinating incident response teams
  • Strong skills in analyzing advanced threats and designing defense-in-depth strategies
  • Excellent strategic coordination and executive-level communication
  • Fluent in English (C1/C2) with experience in international environments
  • Willingness to travel frequently and lead projects across multiple geographies
  • Strong results orientation, strategic mindset, and continuous innovation drive
Job Responsibility
Job Responsibility
  • Design and implement security solutions for multi-cloud and hybrid environments
  • Lead strategic threat analysis and large-scale vulnerability assessments to shape long-term security planning
  • Manage complex incidents and breaches, coordinating cross-functional teams and engaging with C-level stakeholders
  • Embed security-by-design into digital transformation programs and enterprise architectures
  • Define and apply governance frameworks aligned with international standards (ISO 27001, NIST, SOC2)
  • Build proactive threat intelligence and hunting strategies to stay ahead of emerging risks
  • Mentor junior and mid-level security professionals, fostering a strong security-first mindset
  • Represent Arsenalia in high-level technical and business contexts, acting as a trusted advisor to enterprise clients
What we offer
What we offer
  • Welfare Package: A comprehensive corporate welfare platform, offering a wide range of benefits and healthcare support
  • Worklife Kit: A complete welcome package with all essentials for day-to-day productivity, complemented by comprehensive benefits
  • digital meal vouchers and flexible reimbursement options
  • Empowering People: Engagement initiatives, team building, and mentoring programs
  • Open Space, Open Mind: Modern open-space offices and collaborative areas
  • Career Path: internal Changemaker Path methodology to grow key relational, communication, and leadership skills
  • Learning & Development: Continuous improvement programs, certification opportunities, and incentives
Read More
Arrow Right

Senior Cybersecurity Incident Response Analyst

You will work as a Senior Cybersecurity Incident Response Analyst as part of Hew...
Location
Location
Ireland , Galway
Salary
Salary:
Not provided
https://www.hpe.com/ Logo
Hewlett Packard Enterprise
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree (or equivalent work experience) required, preferably in computer science, engineering or related area of study
  • typically 4+ years of relevant experience
  • SOC team/Incident response analyst experience is required
  • proven track record of leading complex cybersecurity initiatives and managing ambiguous incidents
  • advanced understanding of adversary tactics, techniques, and procedures (TTPs)
  • advanced Cyber and IT security knowledge
  • advanced understanding of Cyber and IT security risks, best practices, threats and prevention measures as well as containment and remediation actions
  • advanced understanding of SQL and relevant scripting languages
  • advanced data security system analysis skills
  • advanced risk assessment and management skills
Job Responsibility
Job Responsibility
  • Lead and coordinate responses to the most complex cybersecurity incidents, guiding cross-functional teams through containment, eradication, and recovery
  • analyze associated logs and respond to high severity incidents
  • suggest automation opportunities to enhance IR
  • mentor and provide technical guidance to less experienced cybersecurity professionals
  • stay at the forefront of cybersecurity trends, threats, and technologies
  • foster a culture of continuous improvement and innovation
  • encourage the adoption of new technologies and methodologies
  • provide insight and guidance through after action reviews working with stakeholders.
What we offer
What we offer
  • Comprehensive suite of benefits supporting physical, financial and emotional wellbeing
  • programs for professional and personal career development
  • unconditional inclusion and flexibility to manage work and personal needs.
  • Fulltime
Read More
Arrow Right

Principal Cybersecurity Incident Response Analyst

Principal Cybersecurity Incident Response Analyst role at HPE's Cyber Defense Ce...
Location
Location
India , Bangalore
Salary
Salary:
Not provided
https://www.hpe.com/ Logo
Hewlett Packard Enterprise
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree (or equivalent work experience) required, preferably in computer science, engineering or related area of study
  • Typically 8+ years of relevant experience
  • SOC team/Incident response/Advanced threat analyst experience is required
  • Proven track record of leading complex cybersecurity initiatives and managing ambiguous incidents
  • Extensive understanding of adversary tactics, techniques, and procedures (TTPs)
  • Extensive Cyber and IT security knowledge
  • Extensive understanding of Cyber and IT security risks, best practices, threats and prevention measures
  • Extensive understanding of SQL and relevant scripting languages
  • Extensive data security system analysis skills
  • Extensive risk assessment and management skills
Job Responsibility
Job Responsibility
  • Lead and coordinate responses to the most severe and complex cybersecurity incidents
  • Guide cross-functional teams through containment, eradication, and recovery
  • Provide executive-level oversight and decision-making during critical incidents
  • Effectively analyze associated logs and respond to high severity incidents
  • Contribute to the company's security response methods
  • Mentor and provide technical guidance to less experienced cybersecurity professionals
  • Stay at the forefront of cybersecurity trends, threats, and technologies
  • Foster a culture of continuous improvement and innovation
  • Provide insight and guidance through after action reviews
What we offer
What we offer
  • Health & Wellbeing benefits
  • Personal & Professional Development programs
  • Unconditional Inclusion environment
  • Comprehensive benefits suite supporting physical, financial and emotional wellbeing
  • Fulltime
Read More
Arrow Right

Cyber Security Soc Analyst

The SOC Analyst (L1/L2) and Lead are responsible for proactive monitoring, detec...
Location
Location
India , Chennai
Salary
Salary:
Not provided
https://www.soprasteria.com Logo
Sopra Steria
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Strong knowledge of SIEM platforms and alert investigation
  • Advanced incident response, malware analysis, and RCA expertise
  • Deep knowledge of endpoint and network security tools
  • Threat hunting and forensic investigation capabilities
  • Familiarity with vulnerability management and DLP/email security
  • Experience with threat intelligence platforms and TTP mapping
  • Strong analytical, communication, and documentation skills
  • Guide development of SOC procedures/runbooks and continuous improvement initiatives
  • Administer DLP and email security systems
  • Operate Microsoft Defender for Endpoint, conduct threat hunting via EDR telemetry and memory dumps
Job Responsibility
Job Responsibility
  • Proactive monitoring, detection, investigation, and response to security threats using industry-leading solutions
  • Guide and architect SOC workflows and systems to ensure robust organizational security
  • Threat hunting and forensic investigation
  • Administer DLP and email security systems
  • Operate Microsoft Defender for Endpoint, conduct threat hunting via EDR telemetry and memory dumps
  • Use, configure, and optimize SIEM tools (Splunk, IBM QRadar, Microsoft Sentinel, LogRhythm, ArcSight, Elastic SIEM) for threat identification and alert management
  • Guide development of SOC procedures/runbooks and continuous improvement initiatives
  • Leadership and team management
What we offer
What we offer
  • Inclusive and respectful work environment
  • Positions open to people with disabilities
  • Fulltime
Read More
Arrow Right

Cyber Security Engineer

Darumatic is an IT Consultancy and Recruitment Services Company that focuses on ...
Location
Location
Australia , Canberra
Salary
Salary:
Not provided
darumatic.com Logo
Darumatic
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Character clearance, including a police check
  • Negative Vetting level 1
  • Political neutrality
  • Australian citizen
  • Experience using Sentinel or a similar SIEM solution is essential
  • In-depth familiarity with the Australian Government Information Security Manual
  • Experience with security technologies such as endpoint protection, firewalls and IDS/IPS
  • Extensive experience in Windows, Linux, networking and system administration
  • Experience with security services in the cloud (Azure or AWS)
Job Responsibility
Job Responsibility
  • Detection and coordination of incident response to threats, both foreign and domestic, against critical electoral systems
  • Augmenting the existing operations team to assist in uplifting the existing capability
  • Maintenance of cyber security monitoring and analysis toolsets
  • Taking a lead role in the build of the cyber security architecture through consultation with client's internal teams to secure this architecture
  • Working primarily in the office
  • Ability to work shifts as required in response to cyber security incident, and also to support electoral events at key periods (e.g. close of rolls, polling day)
Read More
Arrow Right

Cyber Security-Fraud Analyst

The L2 Support Fraud Detection Senior Analyst is a pivotal team member responsib...
Location
Location
India , Chennai
Salary
Salary:
Not provided
https://www.soprasteria.com Logo
Sopra Steria
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Tools: Octoflow, Mosaic
  • conduct investigations and reporting using Octoflow and Mosaic platforms
  • provide recommendations based on analytics derived from these tools
  • support secure integration of APIs and web services within fraud detection platforms
  • liaise with developers to validate and enhance security features in applications
  • analyse and correlate logs using SIEM solutions to identify and remediate suspicious activity
  • respond to real-time alerts and participate in threat hunting operations
  • integrate threat intelligence feeds into operational systems
  • regularly update detection mechanisms in response to emerging risks
  • lead and document the resolution of escalated fraud incidents
Job Responsibility
Job Responsibility
  • Conduct investigations and reporting using Octoflow and Mosaic platforms
  • provide recommendations based on analytics derived from these tools
  • support secure integration of APIs and web services within fraud detection platforms
  • liaise with developers to validate and enhance security features in applications
  • analyse and correlate logs using SIEM solutions to identify and remediate suspicious activity
  • respond to real-time alerts and participate in threat hunting operations
  • integrate threat intelligence feeds into operational systems
  • regularly update detection mechanisms in response to emerging risks
  • lead and document the resolution of escalated fraud incidents
  • collaborate with cross-functional teams for swift containment, investigation, and recovery
What we offer
What we offer
  • Inclusive and respectful work environment
  • positions open to people with disabilities.
  • Fulltime
Read More
Arrow Right

Operational Technology (OT) Cyber Security Engineer

The OT Cyber Security Engineer will contribute to the delivery of high-quality t...
Location
Location
United Kingdom , Stockton-on-Tees
Salary
Salary:
Not provided
risktec.tuv.com Logo
Risktec Solutions
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • A relevant technical degree or equivalent industry experience in OT cybersecurity is desirable
  • Good working understanding of industrial control systems (DCS, SCADA, PLCs, etc.)
  • Prior experience in technical delivery roles, including hands-on involvement in a project delivery or client-facing setting, is desirable but not essential
  • Evidence of delivering high-quality technical work under supervision
  • Foundational knowledge of OT cybersecurity practices, frameworks, and regulations, such as IEC 62443, CAF, OG86, and NIS
  • Awareness of OT cybersecurity techniques and tools for compliance with national/international standards, contributing to effective technical solutions
  • Developing competency in performing assignments in areas such as: Supporting risk assessments and vulnerability analysis of OT environments
  • Assisting in asset inventory preparation and management for industrial control systems (ICS)
  • Conducting physical and standards-based site audits, aligned with international standards
  • Contributing to network diagram creation to improve system visibility and security
Job Responsibility
Job Responsibility
  • Support risk assessments and create asset inventories for OT systems across client sites under supervision
  • Perform physical and standards-compliant site audits as directed by senior consultants or team leads
  • Assist in the creation, documentation, review, and validation of network diagrams and OT systems architecture
  • Support the review, development, and implementation of OT Cyber Security Management Systems (CSMS) in alignment with established frameworks and international standards
  • Collaborate with the OT Cyber Security team and other departments to deliver projects successfully, ensuring high-quality outputs
  • Prepare and deliver accurate and professional technical reports and documentation that meet client expectations and regulatory compliance
  • Stay informed of industry trends and emerging OT cybersecurity challenges, applying foundational knowledge to support team-directed initiatives
  • Interaction with customers to ensure TUV deliver a solution on time and to high quality
What we offer
What we offer
  • comprehensive training
  • flexible working
  • a great pay and benefits package
  • Fulltime
Read More
Arrow Right
Jobs by Category
Art and Entertainment Jobs Banking Jobs Call Center Jobs Construction Jobs Consulting Jobs Customer Service Jobs Education Jobs Energy Jobs Finance Jobs Gastronomy Jobs Health and Beauty Jobs Hospitality and Tourism Jobs Human Resources Jobs Insurance Jobs IT - Administration Jobs IT - Software Development Jobs Legal Jobs Logistics Jobs Manufacturing Jobs Marketing, Digital Marketing, SEO, SEM Jobs Media Jobs Nursing Jobs Office Administration Jobs Pharmacy Jobs Physical Work Jobs Public Relations Jobs Public Sector Jobs Purchasing Jobs Quality Control Jobs Real Estate Jobs Research and Development Jobs Sales Jobs
Job Positions Jobs by Country
United States Jobs United Kingdom Jobs India Jobs Canada Jobs Australia Jobs Germany Jobs Ireland Jobs Poland Jobs
Company
Blog About Us Contact
Follow Us
Facebook
X (Twitter)
LinkedIn
Instagram
CrawlJobs Group
ITFlashcards AllDevBlogs
© 2026 CrawlJobs Ltd. All Rights Reserved
Terms & Conditions Privacy Policy