Escalation Lead

🔒 Confidential Employer
Posted 7 May 2026
LOCATION: Remote
TYPE: Full-time
LEVEL: Mid-Senior level
CATEGORY: IT Support & Infrastructure
This employer holds a UK Home Office sponsor license — sponsorship for this specific role is at the employer’s discretion

SKILLS

Microsoft Entra ID, Conditional Access, MFA/SSPR, Security Incident Response, Identity & Access Management, Risk Assessment, Cross-functional Communication, Escalation Management

FULL DESCRIPTION

Global | Full time | Remote Job | Posted on 03/16/2026

Job Information

  • Date Opened: 03/16/2026
  • Industry: IT Services
  • Job Type: Full time
  • Remote Job

Job Description

This is a remote position.

PLEASE CAREFULLY READ ALL THE DETAILS BEFORE APPLYING

Job Title: Escalation Lead

Work Type: Remote/WFH, Full-time

Working Hours: TBD (Usually US Hours/Night shift)

Start Date: TBD

JOB OVERVIEW: The client’s Escalation Lead is responsible for owning policy, risk, and scope decisions during the client’s high-impact escalations. This role ensures that identity, access, and security-related incidents are resolved without introducing unnecessary security exposure, by validating root cause, defining safe remediation boundaries, and approving (or rejecting) configuration changes during live incidents. This role represents the decision authority that currently exists informally in the client’s escalations.

JOB ROLE & RESPONSIBILITIES

  • Conditional Access & Identity Policy Authority: Serve as the escalation authority for Conditional Access failures, token issuance errors, and Cloud PC / Windows App access scope questions. Interpret Entra ID sign-in logs and CA outcomes to determine why access was blocked. Approve or deny CA exclusions, access scope changes, and authentication flow adjustments. Prevent blind policy changes by enforcing root-cause validation first.
  • Security Alert Legitimacy & Incident Context: Validate security alerts from Defender and ThreatLocker to distinguish true security incidents, false positives, and alerts tied to known remediation actions. Confirm whether an escalation requires security response, documentation only, or no action. Act as the final authority on whether an alert is safe to disregard.
  • Escalation Decision Governance: Act as the policy gatekeeper during active escalations. Ensure remediation steps are scoped, intentional, and reversible. Require confirmation that a change resolves the issue before approving additional modifications.
  • Cross-Functional Technical Direction: Provide technical direction to identity engineers, security engineers, infrastructure teams, and service desk leads. Guide troubleshooting steps. Escalate to senior engineers only when justified by evidence.
  • Escalation Flow Control: Control the decision phase of the client’s escalation flow: Intake → Validation → Approved Change → Confirmation → Closure. Ensure escalation threads do not stall or expand without justification. Clearly signal when a remediation path is approved or blocked.
  • Other responsibilities: Based on alert activity and volume, other responsibilities will be assigned, including process design and documentation. Flexibility is key.

JOB REQUIREMENTS

Technical Expertise

  • Deep knowledge of Microsoft Entra ID (Azure AD), Conditional Access policies, MFA / SSPR authentication flows, Cloud PC and Windows App access behavior.
  • Strong ability to interpret sign-in logs, token issuance failures, and security alert context.

Operational Judgment

  • Experience acting as a technical authority during live incidents.
  • Ability to make risk-balanced decisions under time pressure.
  • Comfortable blocking changes that increase risk, even when resolution is urgent.

Communication

  • Clear, decisive communication in escalation threads and verbal communication.
  • Ability to explain why a change is or is not approved.
  • Confident interacting with senior engineers and leadership during incidents.

Success Criteria

  • Escalations resolve without over-permissive policy changes.
  • Identity and access issues are fixed with confirmed cause.
  • Security alerts are correctly classified.
  • Repeat escalations decrease due to better guardrails and documentation.

Role Boundaries

  • Does not solely own day-to-day execution of fixes (that remains shared with the team).
  • Does own: Approval of changes, Risk acceptance, Escalation direction.