The Opportunity: We are seeking a highly skilled and motivated Incident Response Engineer specializing in Microsoft on-premises and cloud technologies. The ideal candidate will have a strong background in identifying, analyzing, and responding to security incidents, as well as expertise in remediating and rebuilding affected systems to ensure resilience against future attacks. This role requires deep technical knowledge, excellent problem-solving abilities, and the capacity to work effectively under pressure.

• Role: Microsoft Incident Response Engineer
• Experience: 6-9 years
• Location: Irvine, CA, Las Vegas NV or Phoenix, AZ
• Duration: 3 Month Contract

Key Responsibilities:

• Incident Detection and Response: Monitor, detect, and respond to security incidents across Microsoft on-premises and cloud environments.
• Root Cause Analysis: Perform thorough investigations to identify the root cause of incidents, using tools and techniques such as log analysis, network traffic analysis, and endpoint forensics.
• Remediation and Recovery: Develop and execute remediation plans to contain and eradicate threats, ensuring systems are securely rebuilt and restored to normal operation, including:
• Proactive Measures: Implement security controls and best practices to prevent future incidents, including patch management, system hardening, and vulnerability assessments.
• Collaboration: Work closely with IT teams, security analysts, and other stakeholders to coordinate response efforts and share findings.
• Documentation: Maintain detailed records of incidents, including timelines, actions taken, and lessons learned, to improve future incident response strategies.
• Continuous Improvement: Stay current with the latest security threats, trends, and technologies to enhance incident response capabilities.

Required Qualifications:

• 7 years of hands-on experience with Microsoft cloud and on-premises infrastructure and applications
• 3 years of experience in Incident Response, with a focus on said Microsoft technologies
• Proficiency in configuration, security, and restoring data in Microsoft 365 services, including Exchange Online, OneDrive for Business, and Teams, as well as on-premises servers, Domain Controllers, Exchange Server (including hybrid configuration), and Microsoft file-and-print services
• Strong understanding of Microsoft identity and access, including Entra ID and Active Directory Domain Services, directory synchronization, Conditional Access, and Multi-Factor Authentication (MFA)
• Experience with security information and event management (SIEM) tools, such as Microsoft Sentinel, as well as Microsoft 365 audit logs, server logs, application logs, and firewall/network logs
• Deep experience with Windows Server and end user workstation provisioning and configuration utilizing Intune, Autopilot, Group Policy Objects (GPO), imaging solutions, virtual machine templates, and other software/configuration deployment solutions
• Knowledge of prerequisite network concepts, including TCP/IP, DNS, DHCP, and VLANs
• Analytical Skills: Ability to perform detailed forensic analysis and root cause investigations
• Problem-Solving: Strong troubleshooting skills to quickly and effectively resolve security incidents
• Communication: Excellent verbal and written communication skills to document incidents and collaborate with team members
• Effective Time Management: Ability to manage multiple tasks and projects simultaneously, ensuring timely completion

Preferred Qualifications:

• Relevant certifications related to Microsoft technologies (Azure, Microsoft 365, Windows Server, and other technologies) and cybersecurity (CISSP, Security , CEH, and Microsoft-specific security certifications)
• Technical skills:
• Experience with automation tools and scripting languages, such as PowerShell, to streamline response efforts
• Knowledge of network security, endpoint protection, and common threat vectors
• Knowledge of non-Microsoft servers and workstations, including Linux and MacOS devices

Education:

• Bachelor's degree in Computer Science, Information Security, or a related field

Contracting rate for this project is between $105 - $135/hr 1099 depending on experience. We consider a number of factors when making individual compensation decisions including, but not limited to, skill sets, experience and training, and other business needs. [This role may also be eligible to participate in a discretionary incentive program, subject to the rules governing the program]

Technologent is an Equal Opportunity Employer -- EEO/AA Employer/Vet/Disabled -- for reasonable accommodations, please contact us at hr@technologent.com