Responsibilities
This role is part of a collaborative team, assisting our customers with:
* Performing deep analysis of attacker activity in on-premises and cloud environments
* Identifying potential threats, allowing for proactive defense before an actual incident
* Notifying customers regarding imminent attacker activity
* Providing recommendations to improve customers’ cybersecurity posture and performing threat intelligence knowledge transfer to prepare customers to defend against today’s threat landscape
* Building proof-of-concept and prototype threat hunting tools, automations, and new capabilities
* Driving product and tooling improvements by conveying learnings from threat hunting and incident response at scale to engineering partner teams
* Identifying, prioritizing, and targeting complex security issues that negatively impact customers, creating and driving adoption of relevant mitigations, and providing proactive guidance
* Synthesizing research findings into recommendations for mitigation of security issues, sharing across teams, and driving change based on research findings
Qualifications
Required/Minimum Qualifications:
* Experience in software development lifecycle, large-scale computing, modeling, cybersecurity, threat hunting, and/or anomaly detection OR a Master's Degree in Statistics, Mathematics, Computer Science, or related field
* Microsoft Cloud Background Check: This position requires passing the Microsoft Cloud background check upon hire/transfer and every two years thereafter
Additional or Preferred Qualifications:
* Proficient experience in software development lifecycle, large-scale computing, modeling, cybersecurity, threat hunting, and/or anomaly detection OR Doctorate in Statistics, Mathematics, Computer Science, or related field
* Proven knowledge of security fundamentals across Microsoft platforms (Client, Server, Cloud)
* Strong understanding of malware and the modern threat landscape, especially identity-based attacks
* Familiarity with SQL or Kusto Query Language (KQL) queries, or experience with large database/SIEM query languages such as Splunk, Humio, Kibana, etc.
* Understanding of Jupyter Notebooks or building equivalent threat hunting automations with scripting languages
* Consulting background and Active Directory expertise
* Experience with forensic analysis tools such as X-Ways Forensics, WinHex, EnCase, FTK, etc.
* Knowledge of Microsoft Azure and/or Office 365 platforms
* Experience with forensic log artifacts in SIEM logs, web server logs, AV logs, protection logs (HIDS/NIDS)
* Familiarity with the Microsoft 365 Defender security stack, especially Advanced Hunting query writing
* Excellent understanding of Windows internals and trace evidence locations
* Knowledge of third-party cybersecurity solutions, especially EDR and SIEM solutions
* Linux and/or macOS forensic analysis and threat hunting skills
* Relevant technical certifications (e.g., Azure, SharePoint, CISSP, SANS GIAC)
* Ability to obtain and maintain a Security Clearance
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration without regard to various protected characteristics. If you need assistance or a reasonable accommodation due to a disability during the application or recruiting process, please send a request via the Accommodation request form. Benefits and perks may vary depending on employment nature and country.