Senior Threat Analyst / Senior Security Researcher Microsoft
Redmond, WA

Job Description

The Windows Defender ATP Research Team is looking for threat hunters. No matter how sophisticated attacker behaviors become, WDATP will help enterprises detect, investigate, and respond to advanced attacks and data breaches on their networks. Our research team uses deep knowledge of the attacker landscape and rich telemetry from our sensors to perform root-cause analysis and generate custom alerts, ensuring that WDATP customers are well equipped to quickly respond to human adversaries identified in their unique environments.

Ensuring that no human adversary can operate silently begins with experts harnessing the powerful optics provided by WDATP, across the attacker kill-chain, coupled with world-class detections. We're looking for a skilled hunter to harness the power of Microsoft's intelligent security graph to quickly identify and report the latest human adversary behaviors, drive critical context-rich alerts, build new tools and automations in support of hunting objectives, and drive innovations for detecting advanced attacker tradecraft.

Required qualifications:

* 5+ years in cyber-security, cyber-defense, or cyber incident response
* 3+ years of experience in developing software or tools using C, C++, or C#.

Preferred qualifications:

* Basic experience using analysis tools (e.g. file/network/OS monitoring tools and/or debuggers)
* Skilled working with extremely large data sets, using tools and scripting languages like: Excel, SQL, Python, Splunk, and PowerBI.
* Excellent cross-group and interpersonal skills, with the ability to articulate business need for detection improvements.
* Strong ability to use data to 'tell a story'.
* Technical BA degree preferred.
* Experience with reverse engineering, digital forensics (DFIR) or incident response, or machine learning models.
* Experience with advanced persistent threats and human adversary compromises.
* Additional advanced technical degrees or cyber security based certifications.

#WDATPRED

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

* Explore large data sets to uncover novel attack techniques, monitor and catalog changes in activity group tradecraft, and generate custom alerts for enterprise customers.
* Work with customer support teams to support investigations during an enterprise's time of need.
* Collaborate with our data science and threat research teams to develop and maintain accurate and durable cloud-based detections
* Build hunting tools and automations for use in the discovery of human adversaries.