Hanson Consulting Group is seeking skilled Threat Response professionals to support Microsoft security teams in monitoring, triaging, and managing security threat incidents. The role focuses on coordinating escalations, validating mitigations, and ensuring timely, high-quality responses across Microsoft’s security ecosystem in collaboration with various organizations.
Responsibilities:
- Monitor threat incidents from Open‑Source Intelligence, internal monitoring systems, and those escalated from customer support engineers, and ensure all deliverables are completed within stringent deadlines and defined Service Level Agreements / Service Level Objectives
- Triage and assign escalation requests in tracking systems to teams that can provide resolution, including Microsoft Threat teams, Engineering, and Customer Support; follow up and obtain status updates according to expected SLAs / SLOs until resolution is provided to customers
- Provide timely, accurate, and end‑to‑end responses for threat incidents with attention to detail
- Solve complex support issues effectively
- Test and confirm mitigation options provided by the broader security team, engineering, and product teams to identify the most cost‑effective resolution
- Provide regular analysis of threat trends and response coverage on a weekly, monthly, and quarterly cadence
- Drive improvement of threat response quality as well as Microsoft security protection, disruption, and security posture capabilities in collaboration with the Defender Threat Response Team and Technical Program Managers
- Propose process enhancements and tool functionality improvements to raise threat response quality
- Provide the first layer of response to protection‑related escalations for Microsoft Threat Protection, which owns protection coverage across the full Microsoft Defender / Microsoft Threat Protection security stack, including:
  - Microsoft Defender for Cloud Apps
  - Microsoft Defender for Cloud
  - Microsoft Defender for Endpoint
  - Microsoft Defender for Identity
  - Microsoft Defender for Office 365
  - Microsoft Defender Vulnerability Management
  - Extended Detection and Response
  - Exposure and Security Posture Management
  - Microsoft Entra (identity platform)
  - Microsoft Sentinel (security information and event management)
- Provide priority support for Catalyst, V200, and S500 customer escalations
- Incident Monitoring and Management
- The team will provide 24x7x365 support and will need to deliver a service report for the weekly, monthly, and quarterly business reviews
Requirements:
- Mid-level to advanced Threat Response Coordination
- Mid-level to advanced Threat Intelligence
- Product Training on the Microsoft Defender stack + Entra + Sentinel
- Basic detection creation and debugging training
- Kusto
- Agentic AI / LLM usage
- Microsoft Writing and Communication Style