The mission of Microsoft Digital Security & Resilience (DSR) is to enable Microsoft to build the most trusted devices and services, while keeping our company safe and our data protected. As part of Microsoft’s Security, Compliance, Identity, and Management organization, and a steward of Microsoft and our customer’s data, a core function of Microsoft DSR is ensuring the security of every aspect of the business. Microsoft DSR is responsible for company-wide information security and compliance, with a strategic focus on information protection, assessment, awareness, governance, and enterprise business continuity. As customer zero, we deploy and secure these services inside Microsoft and then share best practices with enterprise customers at scale across the globe. We have exciting opportunities for you to innovate, influence, transform, inspire and grow within our organization and we encourage you to apply to learn more!
The Digital Security and Resilience (DSR) team is looking for a motivated Security Engineer with a passion for detection and response to work in the Cyber Defense Operations Center (CDOC). As part of this dynamic and high-impact team you will shape and develop a modern detection engineering and response program that favors automation over manual response.
In this role, you will focus on conducting detailed and comprehensive security investigations, developing and tuning a wide variety of advanced security detections, and driving security incidents to closure. You will be able to leverage first-class security partners, threat intelligence teams and Microsoft security product groups to improve our security posture, respond to threats and provide requirements to enhance our security solutions.
For greatest impact, you will contribute to the development and implementation of an agile threat detection methodology using detection-as-code and the MITRE ATT&CK framework over both Microsoft security products and custom alerting. Finally, you will play a critical role in the continuous monitoring of, and response to, major incidents affecting the enterprise.
Responsibilities
Key responsibilities:
As a member of the DSR SOC Investigations team your primary responsibilities would include:
Conduct detailed, comprehensive analysis and investigation on a wide variety of security events, implement containment and mitigation processes, and drive incidents to closure
Work with partner security engineering teams and product groups to validate detection effectiveness using a data-driven approach
Continuously fine-tune our detection pipeline to reduce false positives
Mature our capabilities to proactively identify security threats and develop detections for them
Keep up to date on emerging vulnerabilities, response and mitigation techniques, and threat-landscape trends, and use this knowledge to drive proactive threat detection
Mentor and provide guidance to team members on detection and response best practices
We handle active security events and respond to threats from a variety of sources, so you will be required to participate in on-shift and on-call rotations
Qualifications
Knowledge, experience and skills required:
5+ years of experience in cybersecurity
3+ years of experience in either security operations, detection engineering and/or incident response
Deep and practical understanding of system internals and/or hardening in one or more of the following: Windows, Linux or macOS operating systems
Preferred, not required:
Experience correlating across very large and diverse data sets (Azure Sentinel, Azure Data Lake, Azure Data Explorer, Cosmos DB)
Skilled working with extremely large data sets to answer complex and ambiguous questions, using tools and languages like: SQL, KQL, Jupyter Notebook and Python.
Experience in analyzing a wide variety of network and host security logs to detect and resolve security issues
Understanding of common threat analysis models such as the Diamond Model, Cyber Kill Chain, and MITRE ATT&CK
Demonstrated knowledge of common/emerging attack techniques
Background in malware analysis
Preferred work locations:
Atlanta, Georgia
Austin, Texas
Redmond, Washington
Reston, Virginia
Remote in the U.S.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.