The Digital Security and Risk Engineering (DSRE) team is looking for a Security Engineer to be a part of the Security Operations Center. In this role you will have the opportunity to work on cybersecurity issues as part of a dynamic and high-impact team. We use advanced security technologies, extensive automation and procedures to protect, detect and respond to cybersecurity issues in real time. In addition to day-to-day responsibilities, you will inform security initiatives across the company. You will analyze threats and escalations from multiple sources, both internal and external. You will triage a wide variety of security events, conduct detailed and comprehensive investigations and drive issues to closure. You will also contribute to developing innovative solutions for detection and event handling. As part of the job, you will collaborate with security partners and threat intelligence teams to derive indications and warnings of impending threats, and you will participate in purple team exercises including after-action reviews and lessons learned.
Knowledge, experience and skills required:
* Bachelor's degree in Computer Science or Engineering, or a related field, or equivalent alternative education, skills, and/or practical experience
* 3+ years of hands-on experience in security operations, threat detection and analysis, and/or incident response
Preferred, not required:
* Experience in analyzing a wide variety of network and host security logs to detect and resolve security issues
* Understanding of common threat analysis models such as the Diamond Model, Cyber Kill Chain, and MITRE ATT&CK
* Deep understanding of system internals on macOS, Windows, and Linux
* Background in malware analysis
* Experience developing on Azure PaaS technologies such as Functions (and Durable Functions), Storage (blob, table, queues) and Logic Apps
* Experience automating and developing with Python, Jupyter Notebooks, PowerShell, or R with RESTful APIs
* Experience correlating across very large and diverse datasets (Azure Data Lake, Azure Data Explorer, Cosmos DB)
* 2+ years working with SQL-based databases
* Experience working within a diverse organization to gain support for your ideas
* Ability to effectively multi-task and prioritize in a fast-paced environment
The ideal candidate will have experience in a team environment, experience with security operations and technical depth in information security domains like authentication, incident response, security monitoring or threat intelligence. In addition, this position requires an individual who thrives in a high-volume, highly collaborative setting.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
* Detect and respond to advanced threats, actor techniques, anomalous or suspicious activity, combined with intelligence, to identify potential and active risks to systems and data
* Conduct detailed comprehensive triage and investigation on a wide variety of security events and implement containment and mitigation processes
* Collaborate with internal security partners and threat intelligence teams to derive indications and warnings of impending threats
* Build, deploy, and tune scalable systems that automate security event detection, response and repeatable tasks through technical solutions and new security tools
* Work with analysts and engineers by observing gaps and opportunities to provide efficiencies in detection and response
* Keep up to date on emerging vulnerability, response, mitigation, and threat landscape trends, and use this knowledge to drive proactive threat monitoring
* Participate in creating innovative ways to use a wide range of security event data to advance detection methods
* Use security business intelligence to drive prioritization and improvements within Microsoft security programs
* Must have strong verbal and written communication skills; ability to communicate effectively and clearly to both technical and non-technical staff
* Demonstrated enthusiasm for learning new things and ability to pick up new ideas quickly
* Because we handle active security events and respond to threats from a variety of sources, you will be required to participate in a shift and on-call rotation
Microsoft is a technology company that develops and supports software, services, and devices.