
Senior Security Engineer - Security Incident Response

United States, Multiple Locations · 119800.00 - 234700.00 USD / Year · Job Posted January 27, 2026

Job Description

The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry are securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.

Microsoft is one of the largest enterprise service companies in the world. Security represents a critical priority for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a secure cloud that protects them with end-to-end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry are securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day. Aligning with Microsoft's mission and the focus of the Microsoft Security organization, this role is an integral part of a larger team dedicated to delivering world-class security operations that contain and evict threat actor activities.

Job Responsibility

  • Coordinates with investigators to prioritize investigation objectives, understands attack paths, and systematically executes mitigation and protection actions to evict threat actors from any security incident impacting any of Microsoft’s products or services
  • Conducts hands-on mitigation where possible; engages service owners when there is a risk of a production outage
  • Maintains hands-on knowledge of mitigation and protection steps for various asset types (e.g. M365, Azure, AI) and publishes self-service guidance for impacted engineering teams
  • Briefs executive stakeholders on eviction plans and associated status
  • Maintains and evolves an inventory of threat actor Tactics, Techniques, and Procedures (TTPs) and the corresponding eviction capabilities
  • Defines and prioritizes requirements and use cases for Microsoft’s threat actor eviction platform, and operationalizes new capabilities as they are delivered
  • Drives strategic change to accelerate eviction scenarios (e.g. lean business cases to garner support for broader Microsoft product initiatives or features)
  • Participates in an on-call rotation

Requirements

  • Doctorate in Statistics, Mathematics, Computer Science, or related field; OR
  • Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response; OR
  • Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response; OR
  • Equivalent experience
  • Active U.S. Government Secret Security Clearance
  • Ability to meet Microsoft, customer and/or government security screening requirements
  • Pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter

Nice to have

  • 5+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), and operations incident response
  • Bachelor's Degree in Statistics, Mathematics, Computer Science or related field
  • 3+ years of hands-on experience working in cyber security incident response
  • 7+ years of hands-on experience working in cybersecurity incident response
  • Bachelor’s degree in Cybersecurity, Information Technology, or a related field
  • Hands-on experience with incident response in Azure or Microsoft 365
  • Proficient with the Kusto Query Language (KQL)
  • Ability to work under pressure, structure unstructured problems and provide clarity where ambiguity exists
  • Ability to operate with autonomy, influence others, and a bias for action

Similar Jobs

Senior Security Engineer - Security Incident Response

The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions t...
Location: United States, Redmond
Salary: 119800.00 - 234700.00 USD / Year
Company: Microsoft Corporation
Expiration Date: Until further notice
Fulltime
This Redmond posting carries the same requirements and responsibilities as the listing above, except that the "Pass the Microsoft Cloud background check" requirement is replaced by "U.S. citizenship verification".

Senior Security Incident Response Engineer

We are a global team of innovators and pioneers dedicated to shaping the future ...
Location: India, Hyderabad
Salary: Not provided
Company: New Relic
Expiration Date: Until further notice
Requirements
  • Willingness to work in rotational shifts including Morning, Evening and Night shifts
  • Willingness to work in weekend shifts and support on call
  • At least five years of recent experience working in a threat hunting, threat intelligence, incident response, or security engineering role
  • Experience configuring security incident and event management tools, including creating event filtering, correlation rules, and reports
  • Strong understanding of the MITRE ATT&CK Framework
  • Experience performing risk assessment, threat tracking, or vulnerability management and success in evaluating and communicating severity, impact, and likelihood of a risk to a wide audience
  • Familiarity with digital forensic tools and techniques for hands-on response during incidents
Job Responsibility
  • Support and maintain response strategy and tooling to severe incidents and key attack scenarios
  • Support the SOC alert life cycle: triage security risk, investigate alerts, develop runbooks, policies and procedures to help the company respond, and run retrospectives to coordinate effort across the company to prevent future incidents
  • Maintain healthy working relationships with our managed security service providers and respond to incident escalations
  • Maintain coordination and communication streams horizontally and vertically as part of major cyber related incident handling
  • Know the latest APT tactics and techniques and use engineering practices to detect and respond
  • Provide technical expertise to engineering teams on standard methodologies, tools and frameworks
  • Work with product managers, senior management, and end users to drive security maturity across the business

Senior Security Engineer - Incident Response

Mozilla is looking for an Incident Responder to monitor and mitigate attacks acr...
Location: Germany
Salary: Not provided
Company: Mozilla
Expiration Date: Until further notice
Requirements
  • 5+ years of demonstrated ability managing security incidents at a global scale and/or experience working in Security Operations Centers (SOC), Product Security Incident Response Teams (PSIRT), and Computer Security Incident Response Teams (CSIRT)
  • Expertise with security information and event management (SIEM) systems (e.g. ELK, Google BigQuery, Splunk, etc.); Splunk proficiency is preferred
  • Expertise with endpoint detection and investigation; hands-on experience with leading EDR tools and demonstrated ability to leverage endpoint telemetry to find root cause
  • Expertise with security orchestration and automation (SOAR) platforms such as Tines or Splunk SOAR
  • Superb communication and leadership capacity; ability to partner effectively with diverse company stakeholders
  • Real-world experience in software development and/or engineering operations for consumer products and services
  • B.S. in a technology-focused field is helpful
  • Practical experience working with cloud technologies (e.g. Google Cloud Platform, Amazon Web Services, Heroku, Microsoft Azure, etc.)
  • Ownership and Accountability
Job Responsibility
  • Identify and respond to security incidents on a global scale
  • Act as an incident commander to drive incidents through the entire response lifecycle
  • Design and maintain a portfolio of security alerts, automated actions, playbooks and escalation workflows in support of a high-performing 24/7 incident response capability
  • Conduct threat hunting activities, anticipate future threats, and maintain forward-thinking strategies for tools/technology/processes that combat sophisticated threat actors
  • Research threat intelligence reports, triage and manage resulting workflows
  • Partner with key stakeholders and communicate effectively to maintain a continuously improving feedback loop of preparation, identification, analysis, containment, and post mortem activities
  • Participate in on-call rotation
What we offer
  • Generous performance-based bonus plans
  • Rich medical, dental, and vision coverage
  • Generous retirement contributions with 100% immediate vesting
  • Quarterly all-company wellness days
  • Country specific holidays plus a day off for your birthday
  • One-time home office stipend
  • Annual professional development budget
  • Quarterly well-being stipend
  • Considerable paid parental leave
  • Employee referral bonus program
  • Fulltime

Senior Security Response Engineer

At Cloudera, we empower people to transform complex data into clear and actionab...
Location: India, Bangalore; Chennai
Salary: Not provided
Company: Cloudera
Expiration Date: Until further notice
Requirements
  • Robust analytical mindset and self-starter with a genuine interest in forward-thinking cybersecurity
  • Relevant educational degree (Information Security / Information Assurance / Cybersecurity) or equivalent cybersecurity work experience (3-5 years)
  • Three or more years of technical experience in providing large enterprise incident response and/or threat hunting
  • Proficiency with security technologies, including SIEM, EDR, and cloud security systems
  • Strong understanding of cyber threats, attack techniques, and incident response methodologies
  • Must be able to independently analyze and respond to alerts and security incidents, including but not limited to triage, root cause analysis, and response coordination
  • Proficiency in analyzing and responding to threats on Linux-based systems
  • Excellent problem-solving and communication skills
  • Ability to work effectively both independently and as part of a team
  • Proficiency in analyzing and responding to threats in one or more cloud/containerized environments (AWS/GCP/Azure/Kubernetes/Docker)
Job Responsibility
  • Proactively monitor and respond to security alerts and events from various sources, including SIEM, Cloud Security Platforms, EDR, and other technologies
  • Conduct in-depth analysis of security incidents to determine the root cause and impact, and recommend appropriate mitigation strategies
  • Collaborate with cross-functional teams to investigate and respond to security incidents, including documenting findings and actions taken
  • Develop and maintain incident response playbooks, processes, standards, procedures, and workflows to streamline response efforts and improve the organization's security posture
  • Participate in threat hunting activities to identify advanced threats and vulnerabilities
  • Identify, document, and research threat intelligence findings and reports
  • Independently complete tasks and projects as they arise
  • Collaborate with cross-functional teams on various cybersecurity initiatives
  • Provide mentorship and guidance to junior analysts and engineers
  • Assist in the evaluation and implementation of security tools and technologies
What we offer
  • Generous PTO Policy
  • Support work life balance with Unplugged Days
  • Flexible WFH Policy
  • Mental & Physical Wellness programs
  • Phone and Internet Reimbursement program
  • Access to Continued Career Development
  • Comprehensive Benefits and Competitive Packages
  • Paid Volunteer Time
  • Employee Resource Groups
  • Fulltime

Senior Security Engineer, Detection and Response

As a Senior Security Engineer on the Detection & Response team, you will play a ...
Location: United States; Canada
Salary: 156000.00 - 210000.00 USD; CAD / Year
Company: 1Password
Expiration Date: Until further notice
Requirements
  • 5+ years of experience in security technical engineering roles
  • 3+ years focused on security operations, detection engineering or incident response
  • Hands-on experience with detection engineering and automation, including SIEMs, SOAR platforms, behavior analytics, and Detection-as-Code workflows
  • Strong understanding of modern attacker techniques and how they apply to cloud-native, SaaS, and identity-centric environments
  • Experience with endpoint, runtime, and forensic tools across multiple operating systems
  • Knowledge of cloud environments (e.g., AWS, GCP) and security best practices for cloud-native systems
  • Proficiency with scripting and infrastructure tools (e.g., Python, Bash, Terraform, CI/CD pipelines) to support automation and internal tooling
  • Strong written and verbal communication skills, with the ability to explain complex security issues to both technical and non-technical audiences
Job Responsibility
  • Design, build, and continuously improve threat detections across 1Password’s infrastructure, products, internal tools, and corporate environments
  • Lead and support security incident response activities, including investigation, containment, remediation, and post-incident learning
  • Apply threat intelligence and knowledge of attacker TTPs to detection development, threat hunting, alert triage, and response prioritization
  • Collaborate with Security, Infrastructure, and IT teams to improve security visibility, logging quality, and response readiness
  • Use automation, scripting, and Detection-as-Code practices to scale detection and response workflows and improve reliability
  • Own end-to-end security projects aligned with Detection & Response initiatives and broader security strategy
  • Participate in a shared on-call rotation and support high-severity incidents as needed
  • Contribute to operational maturity through playbooks, mentoring, tabletop exercises, audits, and cross-functional initiatives
What we offer
  • Health benefits
  • Dental benefits
  • 401k
  • RRSP
  • Generous PTO
  • Equity grant
  • Incentive programs
  • Maternity and parental leave top-up programs
  • RSU program for most employees
  • Retirement matching program
  • Fulltime

Senior Security Engineer, Security Operations

The senior security engineer role provides a unique opportunity to shape the sec...
Location: United States; Remote; San Francisco; Roseville; Lehi; West Palm Beach; Irvine
Salary: 146000.00 - 170000.00 USD / Year
Company: GoodLeap
Expiration Date: Until further notice
Requirements
  • Strong communicator with the ability to lead technical architecture discussions, drive technical decisions, and effectively communicate with non-technical audiences
  • Expertise in security event management, monitoring, threat hunting, incident response, playbook creation, orchestration/automations
  • Experience with threat modeling methodologies
  • Expertise with EDR solutions/platforms, such as CrowdStrike, S1, Palo Alto Cortex EDR
  • Experience with AWS services, including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, and IAM (knowledge of GCP and/or Azure is a plus)
  • Proven ability to establish credibility and build trust with business, engineers, and operational staff
  • Experience designing, configuring, and implementing security and fraud monitoring for core enterprise systems, e.g., ERP, HCM, Salesforce
  • Experience working with and creating solutions based on AI and ML toolsets, e.g. creation of AI skills, agents, MCP clients, vibe coding
  • Strong understanding of both human and non-human identity management and common enterprise and consumer authentication standards and use cases
  • Practical experience with CI/CD pipelines and DevOps tools, including Infrastructure-as-Code (IaC) tools like Terraform, Pulumi, or CDK
Job Responsibility
  • Lead, participate in, and contribute to security and fraud monitoring, detection, and response activities, inclusive of investigations, threat hunting, etc.; create playbooks for specific incident response scenarios
  • Identify potential misuse and abuse cases in enterprise systems, propose solutions to detect these scenarios, and identify and implement monitoring and detection solutions for such scenarios
  • Support or develop components of the security analytics platform
  • Support embedded (product) security team
  • Support general security operations team with vulnerability management, tools management, and more
What we offer
  • bonus
  • equity
  • Fulltime

Senior Security Engineer, Corporate Security

We are hiring a Senior Corporate Security Engineer to own and scale the security...
Salary: Not provided
Company: Turnkey
Expiration Date: Until further notice
Requirements
  • 5+ years of experience in corporate and/or enterprise security, IT security, or endpoint security engineering
  • Hands-on experience with:
    • MDM platforms (JAMF, Kandji, Intune, or similar)
    • EDR/XDR solutions (CrowdStrike, SentinelOne, Microsoft Defender, etc.)
    • Identity and Access Management (Okta, Azure AD/Entra ID, etc.)
    • Authentication protocols (SAML, OAuth, OIDC, SCIM, etc.)
    • Zero-trust principles (device trust, conditional access, least-privilege models)
    • Cloud security (AWS, GCP)
    • macOS security (architecture, hardening, and fleet management)
  • Security-first mindset with practical knowledge of defense-in-depth and risk-based security
Job Responsibility
  • Build & Secure Corporate Infrastructure: Design, implement, and manage security for endpoints and distributed systems; deploy and operate our security stack (MDM, EDR/XDR, ZTNA, SSO); enforce zero-trust principles, least-privilege access, and hardening standards
  • Drive Security Initiatives & Risk Reduction: Lead initiatives around endpoint hardening, access controls, and vendor risk; conduct security design reviews, risk assessments, and vulnerability remediation; develop and enforce security policies and best practices
  • Detection, Response & Automation: Respond to security incidents with urgency and technical depth; collaborate on detection rules, alerts, and monitoring; automate workflows and create runbooks and playbooks to scale security operations efficiently
  • Foster Security Culture & Education: Evangelize security best practices, build awareness programs, and partner with teams to embed “secure by default” principles into workflows
What we offer
  • Full benefits, including medical, dental, vision, life, disability, HSA/FSA, 401(k)
  • Paid parental leave
  • Unlimited PTO
  • $3,000/yr learning and development budget to attend industry conferences
  • Multiple team offsites per year
  • Macbook Pro laptop
  • Lunch stipend (for those physically in the New York City office)
  • Fulltime

Senior Security Software Engineer - Security Operations

The Role GM’s Cybersecurity Team safeguards the company’s global information ass...
Location: United States, Warren
Salary: 125200.00 - 158600.00 USD / Year
Company: General Motors
Expiration Date: Until further notice
Requirements
  • 5-7 years in software security engineering; advanced proficiency in modern programming languages
  • Expert in API development, microservices, event streaming, and idempotent integration patterns
  • Experience deploying software using any modern CI/CD pipeline and automated delivery practices
  • Hands-on with security tooling integrations (e.g., SIEM, EDR, SSPM)
  • Proven AI integration experience: LLM agents, embeddings, vector databases, RAG, prompt engineering
  • Cloud proficiency (Azure/AWS/GCP) and IaC (Terraform/Bicep/ARM/CloudFormation)
  • Data engineering fluency: ETL/ELT, schema design, normalization/enrichment; formats (JSON, YAML, syslog, STIX/TAXII)
  • Excellent cross-functional communication
Job Responsibility
  • Own architecture & delivery for complex integration services (APIs, microservices, event-driven workflows) with production SLIs/SLOs
  • Build AI-driven workflows (RAG, summarization, classification, agents) that augment investigations, triage, and orchestration
  • Create reusable connectors bridging SIEM/EDR/IAM/SSPM/ITDR/ITSM and cloud telemetry with robust error handling, retries, and DLQs
  • Implement security automation (SOAR-like playbooks) that enrich alerts and trigger deterministic + AI-assisted responses
  • Harden and observe services with CI/CD, automated testing, performance profiling, metrics, and incident runbooks
  • Mentor engineers and lead technical design reviews, coding standards, and reference implementations
  • Translate requirements into clear epics/roadmaps; align stakeholders and deliver on time with quality
What we offer
  • medical
  • dental
  • vision
  • Health Savings Account
  • Flexible Spending Accounts
  • retirement savings plan
  • sickness and accident benefits
  • life insurance
  • paid vacation & holidays
  • incentive pay program based on company, job level, and individual performance
  • Fulltime