Job Information
Microsoft Corporation Cybersecurity Threat Hunter and Forensic Analyst in Multiple Locations, United States
With over 18,000 employees worldwide, the Microsoft Customer Experience & Success (CE&S) organization is responsible for the strategy, design, and implementation of Microsoft’s end-to-end customer experience. Come join CE&S and help us build a future where customers come to us not only because we provide industry-leading products and services, but also because we provide a differentiated and connected customer experience.
The Global Customer Success (GCS) organization is leading the effort to create the desired customer experience through support offer creation, driving digital transformation across our tools, and delivering operational excellence across CE&S.
The Microsoft Detection and Response Team (DART) is looking for a Cybersecurity Threat Hunter and Forensic Analyst to join their collaborative team. This position will be a vital individual contributor role on the DART team in taking the lead in threat hunting and forensics in delivery of cybersecurity investigations for our customers. You will work in a fast-paced, intellectually intense, service-oriented environment where collaboration and speed are key to our investigations.
Responsibilities
Technical Delivery
This role will work as part of a collaborative team assisting our customers with:
Contextualizing and prioritizing findings to put together a comprehensive account and briefing of the events that transpired during a security incident
Pulling together multiple disparate events to build and communicate a cohesive timeline of activity
Discovering attacker persistence (if present)
Determining attacker activity on known compromised systems
Identifying potential threats – allowing for proactive defence before an actual incident
Providing recommendations to improve cybersecurity posture going forward
Performing knowledge transfer to prepare customers to defend against today’s threat landscape
Research
Security threats are constantly evolving, and so must the Microsoft Incident Response team. To that end, this role will involve:
Researching, analyzing, and summarizing security threats, sharing across the team
Identifying, conducting, and supporting others in conducting research into critical security areas, such as current attacks, adversary tracking, and academic literature
Analyzing complex issues using multiple data sources to develop insights and identify security problems and threats. Creating new solutions to mitigate security issues
Recommending prioritization and validation methods for technical indicators, developing tools to automate analyses
Leads efforts to clean, structure, and standardize data and data sources; leads data quality efforts to ensure timely and consistent access to data sources
Thought Leadership
This role includes the ability to be at the forefront of Microsoft Security thought leadership by:
Developing written content for publication on Microsoft blog platforms
Developing presentations for delivery at internal and external conferences
Use the unique experiences of Microsoft Incident Response to create unique storytelling moments
Operational Excellence
Must be maintained by:
Completing operational tasks and readiness with timeliness and accuracy.
Following Microsoft policies, compliance, and procedures (e.g., Enterprise Services Authorization Policy, Standards of Business Conduct, labor logging, expenses, travel guidelines).
Leading by example and guiding team members on operational tasks, readiness, and compliance.
Qualifications
Required/Minimum Qualifications
5+ years experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection
OR Master's Degree in Statistics, Mathematics, Computer Science or related field.
3+ years of experience with threat actor tactics, techniques, and procedures (TTPs)
3+ years of experience with Windows forensics and an understanding of key forensic artifacts (Event Logs, Prefetch, Shimcache, Amcache, ShellBags, etc.)
3+ years of experience with Cloud forensics, including identity attack artefacts, lateral movement techniques and knowledge of PaaS, SaaS and IaaS systems such as Azure and Office 365 forensics
Additional or Preferred Qualifications
6+ years experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection
OR Doctorate in Statistics, Mathematics, Computer Science or related field
Experience with third-party security products, including but not limited to, Splunk, CrowdStrike Falcon, QRadar, etc.
Experience with Kusto Query Language (KQL)
Experience with malware analysis
Experience with the intelligence cycle, and generating threat intelligence from investigative findings
Experience performing large scale investigations of advanced adversaries
Published research (blogs, presentations, etc) on novel threat actor TTPs
Mentorship of other investigators
Ability to correlate data and identity outliers in disparate data sources
Understanding of security products within an IT environment in multiple layers of the security stack (Antivirus, EDR, IDPS, proxy, firewall, VPN, email, etc.)
Applied knowledge of the MITRE Attack Framework
Security Research IC4 - The typical base pay range for this role across the U.S. is USD $117,200 - $229,200 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $153,600 - $250,200 per year.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay (https://careers.microsoft.com/us/en/us-corporate-pay %20 )
Microsoft will accept applications and processes offers for these roles on an ongoing basis.
Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations (https://careers.microsoft.com/v2/global/en/accessibility.html) .
Microsoft Corporation
- Microsoft Corporation Jobs