**PLEASE CAREFULLY READ ALL THE DETAILS BEFORE APPLYING***
Job Title: Escalation Lead
Work Type:
Working Hours: TBD (UsuallyUS Hours/Night shift)
Start Date: TBD
JOB OVERVIEW:
The client's Escalation Lead is responsible for owning policy, risk, and scope decisions during high-impact client's escalations. This role ensures that identity, access, and security-related incidents are resolved without introducing unnecessary security exposure, by validating root cause, defining safe remediation boundaries, and approving (or rejecting) configuration changes during live incidents.
This role represents the decision authority that currently exists informally in client's escalations.
JOB ROLE & RESPONSIBILITIES:
1. Conditional Access & Identity Policy Authority
- Serve as the escalation authority for:
- Conditional Access (CA) failures
- Token issuance errors
- Cloud PC / Windows App access scope questions
- Interpret Entra ID sign-in logs and CA outcomes to determine why access was blocked.
- Approve or deny:
- CA exclusions
- Access scope changes
- Authentication flow adjustments
- Prevent blind policy changes by enforcing root-cause validation first.
2. Security Alert Legitimacy & Incident Context
- Validate security alerts from Defender and Threat Locker to determine:
- True security incidents
- False positives
- Alerts tied to known remediation actions (e.g., decryption activity)
- Confirm whether escalation requires:
- Security response
- Documentation only
- No action
- Act as the final authority on whether an alert is safe to disregard.
3. Escalation Decision Governance
- Act as the policy gatekeeper during active escalations:
- Is this the correct fix
- Does this widen access beyond intent
- Ensure remediation steps are:
- Scoped
- Intentional
- Reversible
- Require confirmation that a change resolves the issue before approving additional modifications.
4. Cross-Functional Technical Direction
- Provide technical direction to:
- Identity engineers
- Security engineers
- Infrastructure teams
- Service desk leads
- Guide troubleshooting steps (e.g., reviewing sign-in logs, validating access targets).
- Escalate to senior engineers only when justified by evidence.
5. Escalation Flow Control
- Control the decision phase of client's escalation flow: Intake Validation Approved Change Confirmation Closure
- Ensure escalation threads do not stall or expand without justification.
- Clearly signal when a remediation path is approved or blocked.
6. Other responsibilities
- Based on alert activity and volume, other responsibilities will be assigned
- Process design and documentation
- Flexibility - a key to success for this role
JOB REQUIREMENTS:
Technical Expertise
Microsoft Entra ID (Azure AD)
Conditional Access policies
MFA / SSPR authentication flows
Cloud PC and Windows App access behavior
- Strong ability to interpret:
Sign-in logs
Token issuance failures
Security alert context
Operational Judgment
- Experience acting as a technical authority during live incidents
- Ability to make risk-balanced decisions under time pressure
- Comfortable blocking changes that increase risk, even when resolution is urgent
Communication
- Clear, decisive communication in escalation threads and verbal communication
- Ability to explain why a change is or is not approved
- Confident interacting with senior engineers and leadership during incidents
Success Criteria
- The role is successful when:
- Escalations resolve without over-permissive policy changes
- Identity and access issues are fixed with confirmed cause
- Security alerts are correctly classified
- Repeat escalations decrease due to better guardrails and documentation
Role Boundaries
- Does not solely own day-to-day execution of fixes (that remains shared with the team)
- Does own:
- Approval of changes
- Risk acceptance
- Escalation direction
- May oversee other resources working similar shifts/hours, acting as a Team Lead
