The Digital Security & Resilience (DSR) group is a division of Microsoft Security, Compliance, Identity and Management Engineering. DSR supports the company’s overall security mission by providing key security services that help protect systems, services, data and users. Our goal is to educate our employee population about the evolving threat landscape, including the motivations, tools, and techniques used by cyber attackers.
The Digital Security and Resilience (DSR) team is looking for a Security Engineer to work as a Cyber Hunt Analyst in the Cyber Defense Operations Center (CDOC), with an emphasis on federal work. As part of this dynamic and high-impact team, you will have the opportunity to seek out adversary tactics, techniques, and procedures (TTPs) in our environment using advanced security technologies combined with your own hunting methodologies.
In this role, you will focus on developing and executing threat hunting operations to discover adversary activity that is not caught by traditional detection capabilities. You will be able to leverage first-class security partners and threat intelligence teams to derive and hunt on known indicators of compromise (IOCs), and to develop strategies for discovering new techniques used by adversaries.
For greatest impact, you will develop and automate your hunt methodologies and findings to operationalize the capability across the Security Operations Center (SOC). Extending beyond the traditional blue team role, you will engage red teams and participate in purple team exercises that build your perspective of the adversarial mindset and identify new techniques that need to be hunted. Finally, you will play a critical role in the continuous monitoring of, and response to, major incidents affecting the enterprise.
Preferred work locations:
Redmond, Washington
Reston, Virginia
Remote in the U.S.
Responsibilities
Key responsibilities:
Develop, document, and execute threat hunting engagements to detect known adversary TTPs.
Perform threat hunting operations across numerous data sets and security products to identify new and emerging adversary TTPs.
Document and communicate hunt methodologies and findings. Provide metrics to measure the impact of hunting operations.
Collaborate with internal security partners, red teams, and threat intelligence teams to identify, prioritize, and research threat actor behaviors.
Detect and respond to advanced threats, actor techniques, and anomalous or suspicious activity, combining telemetry with intelligence to identify potential and active risks to systems and data.
Provide investigation, response, and root cause analysis for major incidents affecting the enterprise.
Qualifications
Required Qualifications:
1+ years in a dedicated threat hunting or incident response role, or 3+ years in a SOC and/or incident response role.
Knowledge of modern security topics and trends, for example Advanced Persistent Threat (APT) TTPs, spear phishing, and credential compromise techniques.
US Citizenship is required.
The ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:
Citizenship Verification: This position requires verification of US citizenship to meet federal government security requirements.
Microsoft Cloud Background Check: This position requires passing the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Preferred Qualifications:
Experience in any of the following: Kusto (KQL), Python, PowerShell, C#.
Proven ability to drive large scale, high visibility projects with high collaboration and leadership.
Demonstrated experience in computer security related disciplines, including but not limited to the following subject areas: software vulnerabilities and exploitation, host forensics, malware analysis, and web-focused security topics.
Excellent judgment, decision-making skills, and the ability to work under pressure.
Excellent presentation skills and experience presenting to senior management.
Experience working with the United States Government and various Information Sharing and Analysis Centers (ISACs).
Experience with Unix/Linux, or work relating to OS internals or file-level forensics.
Demonstrated knowledge of common and emerging attack techniques, and an understanding of common threat analysis models such as the Diamond Model, the Cyber Kill Chain, and MITRE ATT&CK.
Experience with cloud computing, specifically Azure PaaS technologies such as Azure Functions (including Durable Functions), Azure Storage (Blob, Table, Queue), and Logic Apps.
Experience with SharePoint Online and Microsoft Exchange.
The ideal candidate will have experience in a Security Operations Center or equivalent experience with enterprise-scale services and platforms, experience developing security tools and automated investigations to support hunting operations, and technical depth in highly dynamic, complex environments.
#DSR
#MSFED
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.