Senior Cybersecurity Infrastructure Engineer
Microsoft
About
- Overview
- Microsoft Incident Response, the Detection and Response Team (DART), seeks a skilled and experienced Senior Cybersecurity Infrastructure Engineer with a background in Active Directory and cloud identity management to join our cybersecurity incident response team. DART is the first port of call for many customers during a security incident, providing rapid containment, investigation, and recovery services.
- Along with supporting reactive incident response cases for some of the most esteemed businesses in the world, Infrastructure Engineers will work cohesively with Incident leads, Threat Hunters and other resources to build trust and drive significant change in any business they come into contact with. The individual should possess excellent documentation skills, and be confident in disseminating knowledge both across the team and across partner teams within Microsoft. Thought leadership is a key priority, in the form of written and spoken content delivered both internally and externally. Any successful candidate should also embody Microsoft’s culture and values.
- Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
- Responsibilities
- Serve as an infrastructure specialist during incident response engagements, focusing on identity systems and enterprise infrastructure.
- Lead containment and recovery efforts for compromised Active Directory and Entra ID (formerly Azure AD) environments.
- Collect and analyze forensic data from identity platforms and infrastructure components.
- Implement identity hardening and recovery strategies pre- and post-compromise.
- Collaborate with threat intelligence, reverse engineering, and hunting teams to deliver holistic incident response.
- Contribute to the development, delivery, and continuous improvement of internal and customer-facing programs.
- Document findings and recommendations in clear, actionable reports for customers and internal stakeholders.
- Qualifications
- Required/minimum qualifications
- Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field OR Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR equivalent experience.
- 3+ years of hands-on experience with Active Directory, Entra ID, or other enterprise identity platforms.
- Ability to script or automate tasks using PowerShell or similar tools.
- Ability to travel on short notice, work shifts, including shift assignments during non-standard business hours that may include evening, nighttime, weekends, and/or holidays.
- Other Requirements
- The ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
- Additional or preferred qualifications
- Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 8+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR equivalent experience.
- An understanding of identity-related attack techniques (e.g., Golden Ticket, Pass-the-Hash, Kerberoasting).
- Experience with identity recovery and hardening in post-breach scenarios.
- Familiarity with Windows Server infrastructure, DNS, DHCP, and Group Policy.
- Familiarity with Linux and/or macOS usage and administration.
- Effective communication skills and the ability to convey technical content with clarity and context.
- Experience in incident response, digital forensics, or threat hunting.
- Familiarity with Microsoft Defender XDR, Sentinel, or other SIEM/SOAR platforms.
- Experience using KQL.
- French communication skills will be considered an asset.
- #DART #MicrosoftIR #IncidentResponse
- Security Research IC4 - The typical base pay range for this role across Canada is CAD $114,400 - CAD $203,900 per year.
- Find additional pay information here: https://careers.microsoft.com/v2/global/en/canada-pay-information.html
- This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.
- Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.





