Are you interested in working on the cutting edge of enterprise security products? Do you want to combat evolving, advanced security threats? Do you want to help shape intelligence and analytics systems powering one of the most advanced security products Microsoft offers today?
Microsoft 365 Defender (M365D) is the unified suite that enables Microsoft’s enterprise customers to detect, investigate, understand, and respond to advanced threats on their networks via a combination of behavioral sensors, cloud security analytics, and threat intelligence.
Our team’s mission is to prepare and protect Microsoft 365 (M365) customers by correlating product signals with curated intelligence insights and understanding of the emerging threat landscape.
We have an exciting and unique charter to work with threats that span targeted and commodity attacks across a variety of platforms via behaviors with a focus on providing Actionable Threat Intelligence to empower people and organizations across the world to be resilient against current and future cyberattacks. You’ll be part of a team of world class security experts from diverse technical background to deliver security research in the form of an intelligence service that ships continuously, and contributes directly to security protections that measurably protect people across the planet every day.
In this role, you will work with partners across Microsoft to innovate new approaches for detecting and tracking threats, adversaries, techniques, tools, and infrastructure in a rapidly evolving and cloud focused threat landscape. You will use threat research and data science to not only enhance our optics and capability but also hunt for real cyber threats while producing intelligence reports and analysis for cyber security stakeholders across Microsoft, our external partners, and our customers.
- 3+ years of professional experience in either Incident Response, IT Security, malware analysis, offensive security or tracking cyber threats with a demonstrated ability to leverage intelligence on attacker methodology, tools, and infrastructure to improve security posture
Preferred Skillsets and Experience:
- 5+ years of professional experience in cybersecurity related role
- Excellent written and verbal communication skills with an eye for detail and the ability to articulate business needs in cross-group and partner scenarios
- In-depth security research experience with long running campaigns or attacks, with demonstrated security report or blog publication
- Demonstrated knowledge of Incident Response methodology and attacker tradecraft
- Experience tracking or emulating adversaries and investigations that span on-premise and cloud-based compromises, including investigations into cloud-based email and infrastructure
- Experience working with extremely large data sets using tools and scripting languages like Excel, SQL, Python, Splunk, KQL, Jupyter Notebooks, and Power BI
- Experience working closely with threat intelligence analysts to understand their workflow and analytic problems and turning those into large-scale analytics and repeatable methodologies
- Demonstrated capability to analyze and coherently present and prioritize complex threat intelligence information in a meaningful way to drive customer change
- Experience with detection creation methodologies across multiple platforms
- Ability to utilize data on attacker behavior uptake and global impact to prioritize security detection and remediation tasks
- Deep and practical OS security/internals knowledge
- Understanding of network protocols and analytical experience with network infrastructure data & telemetry
- Functional understanding of common threat analysis models such as the Diamond Model, Cyber Kill Chain, and MITRE ATT&CK and experience using them to track attacks
- Reverse-engineering, static and behavioral binary analysis, or malware analysis experience is a plus
- Programming or scripting background (Python, PowerShell, C#, C++, etc.) is a plus
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.