Support Escalation Engineer

Job Type: Full Time

Interested in security and incident response? Then come join the CSS Security team at Microsoft as a security support engineer responsible for helping customers investigate security incidents in their environment.

Your Profile and The Position

As a security support engineer, you will be an elite member of a customer facing security support team leading incident response investigations for Microsoft’s enterprise customers. You have experience in analyzing, triaging, scoping, containing, providing guidance for remediation, and determining the root cause of security incidents. You are familiar with collecting and analyzing security incident related data to identify indicators of attack and compromise.

You have a passion for learning new technologies, collaborating with other experts to find solutions, having complete customer obsession, continuously optimizing and improving the customer support experience, and having fun. You enjoy working on challenging issues that require in depth investigation, excellent communication, and complete ownership to drive issues to resolution. You obsess over small details to make sure that each customer interaction not only drives issues to resolution, but also ensures that customers are effectively using Microsoft technologies to further the success of their business.

In all interactions with our customers, you communicate effectively, have complete accountability and ownership over providing amazing results, show resourcefulness in providing timely and effective solutions, and approach every situation with empathy, care, and a focus on providing an amazing experience. When you don’t know the answer, you “swarm” with other engineers at Microsoft to come up with a solution quickly, and you aren’t afraid to ask questions and learn new things daily. You don’t let anything block you in the pursuit of a world class customer service experience for our customers.

This position requires extensive cross-group coordination, collaboration, and excellent oral and written communication skills. Attention to detail and a highly organized, process-focused aptitude are required to manage the variety of responsibilities and deliverables. You work well under pressure and deadlines, while also exhibiting flexibility and adaptability across a broad organizational matrix.

Beyond extensive technical focus, this role requires the ability to communicate issues and recommendations clearly and concisely and build broad relationships with influencers to impact key business results. You understand incident response best practices and use this understanding to influence key decision makers.


  • Scope customer security incidents
  • Understand and identify indicators of attack and indicators of compromise
  • Analyze incident data from threat analytics tools
  • Communicate recommendations and guidance based on results of security incident analysis to the customer
  • Coordinate a response to the security incident with other Microsoft security and consulting teams
  • Develop, document, and implement runbooks, capabilities, and techniques for IR
  • Perform security triage and analysis on endpoint, server and network infrastructure
  • Collaborate with the security intelligence team by providing samples of malware from the customer’s environment
  • Perform activities necessary for immediate containment and short-term resolution of incidents
  • Maintain current knowledge and understanding of the threat landscape, emerging security threats, and vulnerabilities
  • Investigate root cause of complex security incidents
  • Maintain a high level of confidentiality
  • Participate in an on-call rotation when required


Required Experience

  • Minimum 5+ years experience in Network Security Engineering or consulting, and/or Systems Administration with experience in Windows Server, Windows Client, and Active Directory Administration
  • Minimum 3+ years Security Incident Response experience with recent operational security experience (SOC, Malware Analysis, IDS/IPS Analysis, threat analytics, Windows Server and endpoint security, etc.)
  • Minimum 3+ years customer facing support experience
  • Minimum 1+ years of cloud experience with any of the major cloud providers, including cloud security, networking, and migration of multi-cloud or hybrid deployments
  • Experience supporting large and complex geographically distributed enterprise environments with 1000+ users

Preferred Experience

  • Automation (PowerShell and/or Python, Java, or a similar language, can be a beginner to intermediate level).
  • Experience in Linux and/or Mac administration


  • Demonstrated experience learning new technologies
  • Strong collaborative skills and extensive cross-group coordination skills
  • Proven customer service skills supporting external and/or internal customers in an enterprise environment
  • Great phone presence and documentation abilities. Excellent executive communication and crisis management skills
  • Excellent documentation skills and ability to translate complex technical processes into simple to follow written guides
  • Previous experience working in a large, complex, highly matrixed global organization preferred
  • Ability to work in a high pace environment with many competing priorities and randomization


  • Preferred Bachelor’s degree or higher in a technical field, or relevant work experience
  • Preferred IT Industry certifications (Microsoft Certifications On-Prem or Cloud, Cisco, CISSP, CEH, Amazon AWS, etc.)

In order to work with confidential cases from public sector Customers being eligible for the UK Security Clearance in line with

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.