Cybersecurity Incident Response Coordinator

Microsoft
$119,800.00 - $234,700.00 / yr
United States, Texas, Irving
7000 State Highway 161
Mar 07, 2026
Overview

With more than 45,000 employees and partners worldwide, the Customer Experience and Success (CE&S) organization is on a mission to empower customers to accelerate business value through differentiated customer experiences that leverage Microsoft's products and services, ignited by our people and culture. We drive cross-company alignment and execution, ensuring that we consistently exceed customers' expectations in every interaction, whether in-product, digital, or human-centered. CE&S is responsible for all up services across the company, including consulting, customer success, and support across Microsoft's portfolio of solutions and products. Join CE&S and help us accelerate AI transformation for our customers and the world.

The Microsoft Incident Response Team - Detection and Response Team (DART) are seeking a skilled and experienced Cybersecurity Incident Response Coordinator to join our team. DART is the first port of call for many customers during a security incident. This pivotal, customer-facing position calls for a tactical and agile leader and influencer, one who is adept at managing complex cybersecurity incidents, fostering synergistic teamwork across multifaceted groups and ensuring the effective staffing and resolution of both proactive and reactive deliveries.

This position is tailored for an individual who not only excels in cybersecurity technical acumen, but also demonstrates robust capabilities in engaging with clients and customers and adjusting to the evolving demands of incident response operations. Should you possess the requisite skills and feel prepared to embrace this opportunity, we would be eager to review your candidacy.

Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.



Responsibilities

Operational Management

This role will work as part of a collaborative team providing the following support:

  • Scope customer engagements as part of pre-engagement activities, including assessing client needs, defining desired outcomes, and estimating resources and timelines to ensure a successful delivery.

  • Oversee escalation pathways ensuring timely responses, directing issues to the appropriate delivery teams, monitoring progress to resolution, and raising matters to leadership, when necessary, especially in cases of urgent and sensitive nature.

  • Collaborate closely with delivery teams to manage and resolve customer escalations promptly and effectively, ensuring customer satisfaction and maintaining delivery timelines.

  • Oversee staffing and capacity planning for engagements and special event support, ensuring the appropriate allocation of resources to meet demand and client needs effectively.

  • Fulfill on-call duties on a scheduled rotation, inclusive of weekends and holidays.

  • Manage and document the implementation of incident management frameworks and procedures.

  • Collaborate with internal teams, including Legal, Security Research, Product Groups, and others, to address and resolve emerging issues.

  • Ensure operational processes maintain alignment with business objectives.

  • Track the status of operational activities, ensuring schedules and priorities are met.

  • Manage daily and weekly communication and status reporting proactively.

  • Lead daily and weekly standup meetings and follow up on meeting minutes and action items.

  • Identify trends in customer activity that may require an adjustment in operational engagement.

Operational Excellence

Must be maintained by:

  • Following Microsoft policies, compliance, and procedures (e.g., Enterprise Services Authorization Policy, Standards of Business Conduct, labor logging, expenses, travel guidelines).
  • Completing operational tasks and readiness with timeliness and accuracy.

  • Leading by example and guiding team members on operational tasks, readiness, and compliance.

  • Exercising rigor in meticulous data tracking and concise, detailed communications.



Qualifications

Required Qualifications:

  • Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field OR Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
    • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
    • OR equivalent experience.

Other Requirements:

  • Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:
    • Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud Background Check upon hire/transfer and every two years thereafter.

Preferred Qualifications:

  • Doctorate in Computer Science, Computer Security, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
    • OR Master's Degree in Computer Science, Computer Security, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
    • OR Bachelor's Degree in Computer Science, Computer Security, or related field AND 8+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
    • OR equivalent experience
  • Flexibility to work shifts, including assignments during non-standard business hours that may include evening, nighttime, weekends, and/or holidays.
  • 2+ years of hands-on experience with Active Directory, Entra ID, or other enterprise identity platforms and/or 2+ years threat hunting, Windows forensics OR 2+ years pentesting experience
  • 1+ years ability to script or automate tasks using PowerShell or similar tools or 1+ years KQL experience
  • Experience in high pressure reactive incident response environments where customers are experiencing a potentially business-ending event and your evidence-driven plans of action dictate their next steps. This skill set should include but is not limited to:
  • Lead and manage high-profile incident response efforts for some of the world's largest businesses
  • Coordinate and lead all key stakeholders as the primary point of contact for major incidents. This could include technical teams, executives, consultants, and partners
  • Identify gaps early in the engagement process and request appropriate resources to fill those gaps
  • Balance the need for rapid recovery with data collection and evidence preservation.
  • Direct activities to secure Enterprise-scale environments and assess potential data exfiltration of data collection
  • Management of large scale incidents in a follow-the-sun format working with fellow team members from across the globe
  • Contextual application of MITRE ATT&CK Framework and/or OSI Model.
  • Delivery of complex and technical discussions effectively to customer representatives of varying levels
  • Security Certifications in any of the following: OSCP, CISSP, SANS Certifications, SC Certifications from Microsoft.
  • Experience working with methods utilized for evidence collection, maintenance of chain of custody and associated documentation, evidence storage and analysis, and evidentiary reporting.
  • Seasoned expertise in Incident Management or the Incident Response sector, with a focus on enhancing the efficacy and efficiency of incident management operations.
  • Resilience under stress, coupled with a readiness to occasionally operate beyond standard business hours to assist with incidents.
  • Effective interpersonal and communication abilities, conducive to productive collaboration within diverse team structures.
  • Proactive approach in initiating actions and advocating for improvements to establish more streamlined and effective incident management processes

Security Research IC4 - The typical base pay range for this role across the U.S. is USD $119,800 - $234,700 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $158,400 - $258,000 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:
https://careers.microsoft.com/us/en/us-corporate-pay

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.
