Do you have a passion for helping Microsoft’s clients defend themselves against targeted attacks? Are you interested in being intimately involved in the latest, cutting-edge developments in the security industry, communicating with security industry leaders, and having a direct impact on the security of all Microsoft customers? Do you want to be on the front lines of helping our customers assess their security posture?
If so, you might be a candidate for the Microsoft Cybersecurity Detection and Response Team (DART) as a Forensic Analyst.
We are looking for a Forensic Analyst with a strong, experienced security background to join our team delivering Incident Response investigations and point-in-time cybersecurity assessments that provide our worldwide enterprise customers with both a deeper understanding of their security posture and an understanding of potential malicious activities within their environments.
Responsibilities
This role will work as part of a collaborative team assisting our top customers with:
Discovering attacker persistence (if present)
Determining attacker activity on known compromised systems
Identifying potential threats – allowing for proactive defence before an actual incident
Providing recommendations to improve cybersecurity posture going forward
Performing knowledge transfer to prepare customers to defend against today’s threat landscape
This role also entails:
Pre-Sales Support
Collaborates with internal stakeholders (e.g., Solution Architect, Account Delivery Executive, Pursuit Lead, Sales Solution Specialist) in the pre-sale process by understanding business requirements and providing industry and technical input and/or solution offerings to help shape the deal. Supports drafting proposals and/or statement of work (SOW).
Provides input on staffing and skill requirements for delivery to Resource Deployment, Technical Delivery Managers (TDMs), and/or Project Managers.
Technical Delivery
Follows capacity process outlined by Global Capacity Management team. Maintains tools with up-to-date skills and availability.
Leads meetings with customers/partners to understand business needs. Uses business, industry and technology strategies to map customer/partner requirements to the adoption and optimization of Microsoft technology solutions. Engages others appropriately to understand and define customer requirements.
Participates in project planning and develops project documents by identifying the risks and dependencies. Communicates the business value of planned solutions to customers/partners. Identifies technical and business risks in programs and proposes mitigations. Assists project managers/architects in preparing for steering committee (e.g., developing artifacts). Manages their schedule and communicates to project leads. Generates and delivers Work Breakdown Structure (WBS).
Implements solutions and may provide oversight and leadership on workstreams across domains while adhering to Microsoft Services processes. Aligns solutions with the intent of the architecture.
Manages escalations, analyzes situations, and coordinates appropriate resources to resolve issues by following delivery practices, considering cost implications, and engaging in conversations with internal and external stakeholders (e.g., Customer Service and Support, Project Manager, Solution Architect, Product Group) as needed.
Proactively manages executive-level customer/partner/stakeholder relationships to identify and contribute to the drivers of satisfaction and dissatisfaction, determine the root cause, and establish recovery actions to improve experience. Works with account team to ensure One Microsoft approach. Shares lessons learned with workgroup and consultant community.
Intellectual Property Management
Acts as an ambassador in consumption of intellectual property (IP) by leveraging and/or modifying existing IP or creating repeatable content where applicable. Provides feedback on Managed IP for continuous improvement, reports IP gaps, reviews IP to be considered for harvesting and curation and ensures it is logged for consumption. Improves Managed Standard Offerings (MSO) quality and collaborates with portfolio and solution teams of the domain by providing feedback.
Business Development
Identifies opportunities to expand or accelerate the adoption and consumption of the cloud and Microsoft technologies. As appropriate, facilitates other team members to scale the business with existing customers by articulating value propositions of strategic Microsoft products and services and developing new offerings for the domain. Drives innovation and digital transformation. Ensures the use of existing intellectual property (IP).
Readiness
Learns new technologies or services based on business demands and industry trends. Obtains relevant accreditations and certification(s) as advised by domain leadership team. Identifies certifications and readiness plans in partnership with domain Chief Technology Officer (CTO). Leads or participates in relevant technical communities, and conducts training sessions to evangelize technology and/or offerings based on availability. Mentors team members and acts as a technical advisor for stakeholders by providing thought leadership, articulation of solutions value, and outcomes of business strategies.
Operational Excellence
Completes operational tasks and readiness, and ensures timeliness and accuracy. Follows Microsoft policies, compliance, and procedures (e.g., Enterprise Services Authorization Policy, Standards of Business Conduct, labor logging, expenses, travel guidelines). Leads by example and guides team members on operational tasks, readiness, and compliance.
Other
Embody our culture and values
Qualifications
Bachelor’s Degree in Computer Science, Engineering, Finance, Business, or related field AND 3+ years leadership experience in relevant area of business
OR equivalent experience.
Excellent oral and written communication skills.
Ability to work with the team in a customer environment.
Proven knowledge of security fundamentals across Microsoft platforms (Client, Server, Cloud).
Experience deploying advanced Windows client security technologies.
Proven and advanced scripting experience with PowerShell.
Working knowledge of Azure cloud services.
Strong familiarity with Office365 migration and management.
Advanced understanding of Windows authentication mechanisms and supporting technologies such as ADFS.
Experience understanding and troubleshooting hybrid identity, including Active Directory, Azure AD, and technologies such as Azure AD Connect and Azure AD Password Protection.
Knowledge of Cybersecurity centred on understanding Identity such as Azure AD Logging, Risk Events, Multi Factor Authentication, Defender for Identity, Privileged Identity Management (PIM), Defender for Azure (formally), etc.
General security knowledge of common attack vectors and tools such as Pass the Hash, Golden Ticket and ransomware.
Experience in the following areas is a plus:
Consulting background
3 years' experience with Active Directory, SCCM, and/or Microsoft platform technologies
Active Directory subject matter expertise
Microsoft Azure and/or Office 365 platform knowledge and experience
Proven experience in helping enterprises manage vulnerabilities, measure security and ensure compliance
Demonstrated knowledge of identifying risk, articulating that risk clearly, and proposing subsequent strategies to mitigate it
Ability to work independently and perform rapid solution engineering and architecture under time constrained conditions with limited support
Experience generating written reports documenting customer’s environment and engagement findings
Familiarity with Microsoft Defender for Endpoints and Microsoft Defender for Identity Advanced Hunting queries.
A desire to learn and grow, as well as a desire to help others do so
Knowledge of third-party cybersecurity solutions
CISSP certification or similar
The salary for this role in the state of Colorado is between $59,900 and $183,300.
At Microsoft, certain roles are eligible for additional rewards, including annual bonus and stock. These awards are allocated based on individual performance. In addition, certain roles also have the opportunity to earn sales incentives based on revenue or utilization, depending on the terms of the plan and the employee’s role.
Benefits/perks listed here may vary depending on the nature of your employment with Microsoft and the country where you work. US-based employees gain access to healthcare benefits, a 401(k) plan and company match, short-term and long-term disability coverage, basic life insurance, and fitness benefits, among others.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.