Escalation Lead

Please login or register as jobseeker to apply for this job.

: TYPE OF WORK

Full Time

: SALARY

N/A

: HOURS PER WEEK

8

: DATE UPDATED

Apr 12, 2026

JOB OVERVIEW

**PLEASE CAREFULLY READ ALL THE DETAILS BEFORE APPLYING***

Job Title: Escalation Lead
Work Type: Remote/WFH Fulltime
Working Hours: M-F (40-45 hours) , plus on-call weekends
Start Date: in 2 weeks

JOB OVERVIEW:

The client’s Escalation Lead is responsible for owning policy, risk, and scope decisions during high-impact client’s escalations. This role ensures that identity, access, and security-related incidents are resolved without introducing unnecessary security exposure, by validating root cause, defining safe remediation boundaries, and approving (or rejecting) configuration changes during live incidents.

This role represents the decision authority that currently exists informally in client’s escalations.

JOB ROLE & RESPONSIBILITIES:

1. Conditional Access & Identity Policy Authority
Serve as the escalation authority for:
Conditional Access (CA) failures
Token issuance errors
Cloud PC / Windows App access scope questions
Interpret Entra ID sign-in logs and CA outcomes to determine why access was blocked.
Approve or deny:
CA exclusions
Access scope changes
Authentication flow adjustments
Prevent “blind” policy changes by enforcing root-cause validation first.

2. Security Alert Legitimacy & Incident Context
Validate security alerts from Defender and Threat Locker to determine:
True security incidents
False positives
Alerts tied to known remediation actions (e.g., decryption activity)
Confirm whether escalation requires:
Security response
Documentation only
No action
Act as the final authority on whether an alert is safe to disregard.

3. Escalation Decision Governance
Act as the policy gatekeeper during active escalations:
“Is this the correct fix?”
“Does this widen access beyond intent?”
Ensure remediation steps are:
Scoped
Intentional
Reversible
Require confirmation that a change resolves the issue before approving additional modifications.

4. Cross-Functional Technical Direction
Provide technical direction to:
Identity engineers
Security engineers
Infrastructure teams
Service desk leads
Guide troubleshooting steps (e.g., reviewing sign-in logs, validating access targets).
Escalate to senior engineers only when justified by evidence.

5. Escalation Flow Control
Control the decision phase of client’s escalation flow: Intake ? Validation ? Approved Change ? Confirmation ? Closure
Ensure escalation threads do not stall or expand without justification.
Clearly signal when a remediation path is approved or blocked.

6. Other responsibilities
Based on alert activity and volume, other responsibilities will be assigned
Process design and documentation
Flexibility - a key to success for this role

JOB REQUIREMENTS:

Technical Expertise
Deep knowledge of:
Microsoft Entra ID (Azure AD)
Conditional Access policies
MFA / SSPR authentication flows
Cloud PC and Windows App access behavior

Strong ability to interpret:
Sign-in logs
Token issuance failures
Security alert context
Operational Judgment
Experience acting as a technical authority during live incidents
Ability to make risk-balanced decisions under time pressure
Comfortable blocking changes that increase risk, even when resolution is urgent
Communication
Clear, decisive communication in escalation threads and verbal communication
Ability to explain why a change is or is not approved
Confident interacting with senior engineers and leadership during incidents
Success Criteria
The role is successful when:
Escalations resolve without over-permissive policy changes
Identity and access issues are fixed with confirmed cause
Security alerts are correctly classified
Repeat escalations decrease due to better guardrails and documentation
Role Boundaries
Does not solely own day-to-day execution of fixes (that remains shared with the team)
Does own:
Approval of changes

Risk acceptance
Escalation direction
May oversee other resources working similar shifts/hours, acting as a Team Lead

SKILL REQUIREMENT

Azure Windows Administrator

SHARE THIS POST

Job Post	Reporter	Rank	Reason	Date

BENCHMARKS

Loading Time: Base Classes	0.0011
Controller Execution Time ( Jobseekers / Job )	0.0162
Total Execution Time	0.0184

GET DATA

No GET data exists

MEMORY USAGE

1,507,976 bytes

POST DATA

No POST data exists

URI STRING

jobseekers/job/Escalation-Lead-1618526

CLASS/METHOD

jobseekers/job

DATABASE: onlinejobs (Jobseekers:$db) QUERIES: 13 (0.0071 seconds) (Hide)

0.0003	`SELECT * FROM exrates WHERE rate_name = 'USD-PHP'`
0.0009	SELECT * FROM `employer_jobs` WHERE `job_id` = 1618526 LIMIT 1
0.0003	SELECT * FROM `employers` WHERE `employer_id` = 918852 LIMIT 1
0.0003	SELECT COUNT(*) AS `numrows` FROM `t_thread` `t` LEFT JOIN `t_thread_misc` `misc` ON `t`.`id` = `misc`.`thread_id` WHERE `t`.`job_id` = 1618526 AND `misc`.`id` IS NULL
0.0004	SELECT e.business_name, e.logo, e.website, e.rebill_date, e.date_added member_date, hits, DATEDIFF('2026-04-19',ej.date_added) duration_days, DATEDIFF('2026-04-19',e.rebill_date) duration_rebill, ej.*, e.deactivate FROM employers e, employer_jobs ej WHERE e.employer_id = ej.employer_id AND ((e.user_level >= '500' AND ej.date_added <= e.rebill_date) OR e.employer_id = '' OR (ej.date_approved <> '2000-01-01' and DATEDIFF('2026-04-19',ej.date_added) <= 14 )) AND e.deactivate != 1 AND ej.deleted = 0 AND job_id = '1618526'
0.0003	SELECT * FROM `employer_jobs_skills` `ejs` LEFT JOIN `skills_categories` `sc` ON `ejs`.`skill_id` = `sc`.`id` WHERE `job_id` = 1618526
0.0018	`UPDATE employer_jobs SET hit_counts = '*Apr-07-2026=3Apr-08-2026=285Apr-09-2026=19Apr-10-2026=3Apr-11-2026=5Apr-12-2026=720Apr-13-2026=38Apr-14-2026=26Apr-15-2026=9Apr-16-2026=7Apr-17-2026=6Apr-18-2026=2**Apr-19-2026=1' WHERE job_id= '1618526'`
0.0008	`UPDATE employer_jobs SET monthly_hits = '***Apr-2026=1123' WHERE job_id= '1618526'`
0.0003	`SELECT date_sent FROM jobseeker_sent_emails WHERE jobseeker_id = '' AND job_id = '1618526' AND status LIKE 'sent%' ORDER BY id DESC`
0.0002	SELECT * FROM `employer_jobs_skills` `ejs` LEFT JOIN `skills_categories` `sc` ON `ejs`.`skill_id` = `sc`.`id` WHERE `job_id` = 1618526
0.0008	SELECT COUNT(*) AS `numrows` FROM `employer_jobs` WHERE `employer_id` = '918852' AND `date_added` >= '2022-06-08'
0.0005	`select * from teasers`
0.0002	`SELECT * FROM skill_categories WHERE skill_cat_id=''`

HTTP HEADERS (Show)

SESSION DATA (Show)

__ci_last_regenerate	1776604600
last_page	https://v1.stage.onlinejobs.ph/jobseekers/job/Escalation-Lead-1618526
csrf-token	617c17ffc6fe603d4b9f80c19bc58932
job_search_keyword

CONFIG VARIABLES (Show)

base_url	https://v1.stage.onlinejobs.ph
log_threshold	2
enable_profiler
index_page
uri_protocol	PATH_INFO
url_suffix
language	english
charset	UTF-8
enable_hooks	1
subclass_prefix	MY_
composer_autoload	vendor/autoload.php
permitted_uri_chars	a-z 0-9~%.:_\=\-\+\@?\&
enable_query_strings
controller_trigger	c
function_trigger	m
directory_trigger	d
allow_get_array	1
log_path
log_file_extension
log_file_permissions	420
log_date_format	Y-m-d H:i:s
error_views_path
cache_path
cache_query_string
encryption_key	OdBUArjiWg9I7u7bvAwQ7Fu35VB1kzga
sess_driver	files
sess_cookie_name	ci_session
sess_expiration	2678400
sess_save_path
sess_match_ip
sess_time_to_update	300
sess_regenerate_destroy
cookie_prefix
cookie_domain
cookie_path	/
cookie_secure
cookie_httponly
standardize_newlines
global_xss_filtering	1
csrf_protection
csrf_token_name	csrf_test_name
csrf_cookie_name	csrf_cookie_name
csrf_expire	7200
csrf_regenerate	1
csrf_exclude_uris	Array ( )
compress_output
time_reference	local
rewrite_short_tags
proxy_ips
ojadmin	JpjZkQN5A8l@^L
salt	+UFjSAT49tPZLtmU2CIG2FYN7pRhgsWyLHgSyQa6k3I=
queue_enabled
twilio	Array ( [sid] => AC00c0594045c6eef9407e8fff01f3d467 [token] => f0bfc0b73444a077894a43f5f75e6d41 [length] => 6 [from] => +639221200200 [code_expiry_seconds] => 14400 )
maintenance	Array ( [admin] => Array ( [verification] => ) [announcement_bar] => Array ( [show_slow_issue_message] => ) )
trustpilot	Array ( [to_email] => onlinejobs.ph+3d844ebf71@invite.trustpilot.com )
services	Array ( [google_tag_manager] => Array ( [id] => GTM-T5CQMS6P ) [chatgpt] => Array ( [secret] => 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 ) [claude] => Array ( [secret] => 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 ) )
v2_url	https://v2.stage.app.onlinejobs.ph
replacemyself_secret_key	Kk1WpgTMkc4wBQOqC5rqCssdLhACKrsJeTtO1ywUkT4=
app	Array ( [app] => Array ( [command] => Array ( [map] => Array ( [OnlineJobs\Mailer\Command\SendEmailCommand] => OnlineJobs\Mailer\Handler\SendEmailHandler [OnlineJobs\Mail\Command\SendEmailCommand] => OnlineJobs\Mail\Handler\SendEmailHandler [OnlineJobs\Mail\Command\QueueEmailPendingCommand] => OnlineJobs\Mail\Handler\QueueEmailPendingHandler [OnlineJobs\Mail\Command\QueueJobEmailPendingCommand] => OnlineJobs\Mail\Handler\QueueJobEmailPendingHandler [OnlineJobs\Mail\Command\QueueUnapprovedEmailCommand] => OnlineJobs\Mail\Handler\QueueUnapprovedEmailHandler [OnlineJobs\Mail\Command\ProcessEmailQueueCommand] => OnlineJobs\Mail\Handler\ProcessEmailQueueHandler [OnlineJobs\Mail\Command\PutJobseekerEmailOnHoldCommand] => OnlineJobs\Mail\Handler\PutJobseekerEmailOnHoldHandler [OnlineJobs\Purchase\Command\RealEstateVaCourseCommand] => OnlineJobs\Purchase\Handler\RealEstateVaCourseHandler [OnlineJobs\Test\Command\HelloCommand] => OnlineJobs\Test\Handler\HelloHandler ) [middleware] => Array ( ) ) [providers] => Array ( [0] => OnlineJobs\Bus\BusServiceProvider [1] => OnlineJobs\Database\DbServiceProvider [2] => OnlineJobs\Mailer\MailerServiceProvider [3] => OnlineJobs\Support\SupportServiceProvider [4] => OnlineJobs\Employer\ServiceProvider [5] => OnlineJobs\Jobseeker\ServiceProvider [6] => OnlineJobs\Mail\ServiceProvider [7] => OnlineJobs\Postal\ServiceProvider [8] => OnlineJobs\Queue\ServiceProvider [9] => OnlineJobs\Courier\ServiceProvider [10] => OnlineJobs\Job\ServiceProvider [11] => OnlineJobs\Purchase\ServiceProvider ) ) )
meta	Array ( [facebook] => Array ( [input] => 1 [connect] => 2 [timezone] => 3 [url] => 30 [id] => 31 [photo] => 32 [name] => 33 [email] => 34 [review] => 35 ) [trust] => Array ( [government_id] => 4 [utility_bill] => 5 [selfie_photo] => 6 [profile_picture] => 7 [phone_number] => 8 [facebook] => 9 ) [verify] => Array ( [profile_picture] => 10 [government_id] => 11 [selfie_photo] => 12 [utility_bill] => 13 [address] => 14 [name] => 15 [reviewed] => 16 [government_group] => 28 [address_group] => 29 [mobile] => 38 ) [address] => Array ( [complete] => 17 [room_unit_no] => 20 [house_no] => 21 [street] => 22 [subdivision] => 23 [barangay] => 24 [city] => 25 [province] => 26 [postcode] => 27 ) [reviewed] => Array ( [similar_names] => 1 ) [name] => 18 [phone] => 19 [sms_verification_code] => 36 [resend_verification_code] => 37 [address_read] => 39 [first_name] => 100 [middle_name] => 101 [last_name] => 102 [edit] => Array ( [government_id_group] => 40 [address_group] => 41 [mobile_group] => 42 ) [salary_re_entry] => 103 [id_proof_recalibrate] => 104 [email] => 44 [mobile_verification_type] => 45 )
honeypot	Array ( [name_field] => my_name [enabled] => 1 )

HTTP_ACCEPT	/
HTTP_USER_AGENT	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
HTTP_CONNECTION	Upgrade
SERVER_PORT	80
SERVER_NAME	v1.stage.onlinejobs.ph
REMOTE_ADDR	127.0.0.1
SERVER_SOFTWARE	Apache/2.4.58 (Ubuntu)
HTTP_ACCEPT_LANGUAGE
SCRIPT_NAME	/index.php
REQUEST_METHOD	GET
HTTP_HOST
REMOTE_HOST
CONTENT_TYPE
SERVER_PROTOCOL	HTTP/1.1
QUERY_STRING
HTTP_ACCEPT_ENCODING	gzip, br, zstd, deflate
HTTP_X_FORWARDED_FOR	216.73.217.103
HTTP_DNT

Escalation Lead

Please login or register as jobseeker to apply for this job.

TYPE OF WORK

SALARY

HOURS PER WEEK

DATE UPDATED

Why is this blurred?