Security CE Engineer
Microsoft
#MSFTSecurity
The Microsoft Security organization’s mission of making the world a safer place has never been more important. As threats become more frequent and sophisticated, we drive improvements into our security products that keep our customers, apps and their devices safe. The Microsoft Security Customer Experience Engineering (CxE) Team anticipates, amplifies, and systemically solves customer needs, to make the world a safer place for all. It does this by ensuring our product teams, such as Microsoft Entra, Microsoft Intune, Microsoft Defender, and Microsoft Purview are always on the front lines with customers, taking accountability for the end-to-end Microsoft Security customer experience, and that customers have what they need to be successful leveraging our Security suite of products.
Responsibilities
Product/service definition
Utilizes engineering tools, customer telemetry and/or direct customer input to identify and flag the defects/signals in the product or product misuse, or an issue with the customer.
Resolve critical and complex technical issues in a 24x7x365 environment
Tracks customer incidents and, with minimal oversight, engages with customers and partners to understand the issue, inform them about the active cases, and communicate progress and next steps to customers.
With minimal guidance, contributes to or investigates and troubleshoots the issues using diagnostics.
Gathers feedback from the customers and partners to learn ways in which customers and partners use the service and identify feature and knowledge gaps, misconfigurations, metrics, and key performance indicators (KPIs) in the current product.
With minimal guidance, implements new features/tools to improve products.
Helps customers and partners stay current with best practices by sharing content via multiple forums.
Identifies content improvement or troubleshooting guides. Helps implement automation of complex solutions for the team.
Identifies and leverages potential developmental opportunities across product areas and business processes (e.g., mentorships, shadowing, trainings) for professional growth and to develop and execute on technical intensity/skilling to resolve customer issues.
Conducts health checks to ensure customer environment (e.g., product, service, feature) is optimized and configured for deployment. With minimal guidance, provides guidance to customers on understanding and implementing new versions, software updates, and releases of platforms within Microsoft.
With minimal guidance, conducts feature reviews on new deployment to identify gaps. With managerial support, provides guidance to customers on designing configurations and deploying solutions on Microsoft platforms.
Relationship/Experience Management
With minimal guidance, serves as a connecting point between the engineering team and customer representatives throughout the solution lifecycle.
With minimal guidance, engages with customers to understand their business and availability needs to then help develop guidance to meet deployment needs.
Serves as a connecting point and escalates specific customer issues to appropriate teams to resolve customer issues.
Communicates progress and keeps stakeholders aligned with respect to escalations.
With some supervision, handles escalations on customer issues from the support or field teams.
Escalates issues to seniors or managers within the team, if more assistance is needed.
With minimal oversight, conducts root-cause analysis of the issues and follows up with the customers.
Collaborates with the relevant product and business groups on how customers use the product.
Understands and identifies gaps in customer scenarios and product limitations.
Provides details to the product and business groups on customer product experience and usage.
With minimal supervision, acts as a voice of customers (VOCs) to inform product and business groups on customer product experience and usage.
With minimal guidance, partners with other teams (e.g., program managers, software engineers, product, customer service support [CSS] teams) to review and unblock, and resolve customer incidents/issues.
Collaborates with internal partner teams to support delivery of solutions back to the customers.
Informs stakeholders on customer progression including issues.
Independently starts to build partnerships with internal technical teams to update the troubleshooting resources.
With minimal guidance, works with the relevant product and business groups to resolve customer issues.
Build and Integrate AI Agentic power to improve and accelerate customer experience
Qualifications
Preferred Qualifications
Bachelor's or Master's in Computer Science, Engineering or Equivalent Experience.
6-8+ years' experience in a deep technical role in IT (Information Technology), Technical Support, Consulting, Program Management or similar roles and hands-on experience with Microsoft Security & Compliance technologies and/or Microsoft Defender Security.
Multiple Certifications in Microsoft and/or competing Cloud Technologies and/or Security are desired.
Knowledge, Skills, Abilities
Data Analysis
Project Management
Cloud Architectures and technologies
Networking and Web technologies knowledge
Quality Assurance
Stakeholder Management
Technical Communication
Agility
Build and Integrate AI Agentic solutions to improve and accelerate customer experience
System administration (Linux)
Strong understanding of Linux OS internals (RHEL, SUSE, Ubuntu, Oracle Linux).
Hands-on experience with:
Understanding of eBPF in Linux
SELinux policy troubleshooting & mitigation
File permissions, systemd, service health, daemon management
Kernel module behavior (soft lockups, NMI watchdog scenarios)
Ability to debug installation, onboarding & dependency failures across distros.
Expertise in Microsoft Defender for Endpoint - Linux in the following areas:
MDE for Linux – Installation, Onboarding (Script, Puppet, Chef, Azure Arc) & Offboarding
Hands-on expertise on Broker/SafeSig/ESU/Enhanced heartbeat validation.
Validating CloudEngine, XPlatBroker telemetry (Threat, Core, Bond reports).
Hands-on expertise in investigating - High CPU, memory and I/O usage, wdavdaemon crashes, memory leaks & core dumps
Working knowledge of how RTP and EDR components affect server workloads (DB nodes, NFS servers, HPC clusters).
EDR / EPP / Sensor Health Expertise - Diagnosing No Sensor Data / No Telemetry issues, Understanding EDR event throttling, CreateProcessEvents capping issues, Troubleshooting Realtime protection (RTP) and Behavior Monitoring (BM) discrepancies.
Hands-on expertise in Network Protection & Connectivity Issues - Diagnosing Network Protection drops, packet retransmissions, connection aborts, Understanding enterprise firewall/proxy, SSL inspection, egress filtering.
Deep Expertise in EPP vs EDR exclusion scopes, JSON-based Linux exclusion configurations
Ability to collect and analyze logs such as mdatp diagnostics, other logs (/var/log/audit/audit.log), microsoft_defender_core.log, XPlatBrokerMessage, CloudEngineKustoEntity, kernel logs, core dumps, stack traces, etc.
Troubleshooting knowledge on MDE for iOS (VPN issues, licensing constraints), MDE for Android (battery optimization, ATT&CK mapping, VPN issues) and MDE for Mac (definition update issues, JAMF install failures).
Hands-on Knowledge on Microsoft Defender XDR, Microsoft Sentinel integration, Security Copilot with Defender XDR & Sentinel.
Experience with automation languages (PowerShell, etc.) / Power Automate
Experience with IDE and Development Languages (Java, .NET, Python)
This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.