Core Services Engineering builds and manages the critical products and services that Microsoft runs on. We boldly pursue big ideas that power transformational advances at Microsoft and for our customers, while helping Microsoft teams work smarter, faster and more securely every day. Core Services Engineering employees have deep technical and business expertise, customer insights, and a clear point of view that comes from first-hand, large-scale experience with Microsoft and industry solutions. We are engineers, technology leaders and experts, digital transformation change agents, and customer advocates. We have exciting opportunities for you to innovate, influence, transform, inspire and grow within our organization and we encourage you to apply to learn more!
The Digital Security and Risk Engineering (DSRE) team is looking for a seasoned Security Engineer to work as a Cyber Hunt Analyst in the Cyber Defense Operations Center (CDOC). As part of this dynamic and high-impact team - you will have the opportunity to seek out adversary tactics, techniques, and procedures (TTP) in our environment through the use of advanced security technologies combined with your own creative hunting methodologies.
In this role, you will focus on developing and executing threat hunting operations to discover adversary activities that are not detected through traditional detection capabilities. You will be able to leverage first class security partners and threat intelligence teams to derive and hunt on known indicators of compromise, as well as developing strategies for discovering new techniques used by adversaries.
For greatest impact, you will develop and automate your hunt methodologies and findings to operationalize the capability across the Security Operations Center. Extending beyond the traditional blue team role, you will engage red teams and participate in purple team exercises that will build your perspective of the adversarial mindset as well as identify new techniques that need to be hunted. Finally, you will play a critical role in the continuous monitoring and response to Major Incidents affecting the Enterprise.
Knowledge, experience and skills required:
Preferred, not required:
* Experience in analyzing a wide variety of network and host security logs to detect and resolve security issues * Understanding of common threat analysis model's such as the Diamond Model, Cyber Kill Chain, and MITRE ATT&CK * Deep understanding of system internals on MacOS, Windows, and Linux * Background in malware analysis * Experience developing on Azure PaaS technologies such as; Functions (and Durable Functions), Storage (blob, table, queues) and Logic Apps * Experience automating and developing with Python, Jupyter Notebooks, PowerShell, or R with RESTful APIs * Experience correlating across very large and diverse datasets (Azure Data Lake, Azure Data Explorer, Cosmos DB) * 2+ years working with SQL-based databases * Experience working within a diverse organization to gain support for your ideas * Ability to effectively multi-task and prioritize in a fast-paced environment
The ideal candidate will have experience in a team environment, experience in a Security Operations Center or equivalent experience in enterprise scale services and platforms, experience in development of security tools and automated investigations to support hunting operations, technical depth in highly dynamic, complex environment.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.
* Detect and respond to advanced threats, actor techniques, anomalous or suspicious activity, combined with intelligence, to identify potential and active risks to systems and data * Collaborate with internal security partners, red teams, and threat intelligence teams to identify, prioritize, and research threat actor behaviors. * Develop, document, and execute threat hunting operations to detect known adversary TTPs. * Perform threat hunting operations across numerous data sets and security products to identify new and emerging adversary TTPs. * Document and communicate hunt methodologies and findings. Provide metrics to measure the impact of hunting operations. * Build and deploy automation and tools that enable hunting methodologies, investigation techniques, data enrichment, and workflow efficiencies. Operationalize these capabilities across the SOC. * Provide investigations, response, and root cause analysis to major incidents affecting the enterprise * Must have strong verbal and written communication skills; ability to communicate effectively and clearly to both technical and non-technical staff * Demonstrated enthusiasm for learning new things and ability to pick up new ideas quickly * Participate in current operations shifts, on call rotation, and focus area rotations * Travel - 0-25%
Microsoft is a technology company that develops and supports software, services, and devices.