Cybersecurity Threat Hunter and Forensic AnalystWith over 18,000 employees worldwide, the mission of the Customer Experience Success (CES) organization is to empower customers to accelerate business value through differentiated customer experiences that leverage Microsoft's products and services, ignited by our people and culture.
Come join CES and help us build a future where customers achieve their business outcomes faster with technology that does more.The mission of the Microsoft Detection and Response Team (DART) part of CES is to empower organizations to combat cyber threats through intelligence-driven investigation and strategic mitigation, leveraging our expertise to safeguard digital assets.
Our vision is to be the leading provider of expert incident response services, significantly reducing the time to investigate and neutralize threats, and fostering a resilient and secure digital future for all.The Microsoft Incident Response team is seeking a skilled and experienced hunter to join our team, who are the first port of call for many customers during a security incident.
This role presents an opportunity to be the tip of the spear during incident response engagements, driving the hunting and forensics workstream throughout the incident and presenting findings to stakeholders from every part of the business.
Strong hunting and forensics knowledge is key, ideally with experience in both on-premises and cloud environments, along with the ability to communicate technical content with clarity and context, and good knowledge of nation-state and cybercrime attack techniques.
A desire to fail fast and learn quickly is critical, along with strong analytical and critical thinking skills.Along with working reactive incident response cases for some of the most esteemed businesses in the world, hunters should be able to conduct research into novel techniques, have excellent documentation skills, and be confident in disseminating knowledge both across the team and across partner teams within Microsoft.
Thought leadership is also a key priority, in the form of written and spoken content delivered both internally and externally.
Any successful candidate should also embody Microsoft's culture and values.The role is flexible in that you can work up to 100% from home; however, short notice travel to work onsite alongside customers could be 40% or higher as is demanded by the needs of our customers and business.
This position may require you to work a rotational On-Call schedule, evenings, weekends, or holiday shifts.
Though schedule changes are not frequent, you will need to have flexibility to accommodate changes as needed.ResponsibilitiesTechnical DeliveryContextualizing and prioritizing findings to put together a comprehensive account and briefing of the events that transpired during a security incident.Pulling together multiple disparate events to build and communicate a cohesive timeline of activity.Discovering attacker persistence (if present).Determining attacker activity on known compromised systems.Identifying potential threats – allowing for proactive defense before an actual incident.Providing recommendations to improve cybersecurity posture going forward.Performing knowledge transfer to prepare customers to defend against today's threat landscape.ResearchResearching, analyzing, and summarizing security threats, sharing across the team.Identifying, conducting, and supporting others in conducting research into critical security areas, such as current attacks, adversary tracking, and academic literature.Analyzing complex issues using multiple data sources to develop insights and identify security problems and threats.
Creating new solutions to mitigate security issues.Recommending prioritization and validation methods for technical indicators, developing tools to automate analyses.Leads efforts to clean, structure, and standardize data and data sources; leads data quality efforts to ensure timely and consistent access to data sources.Thought LeadershipDeveloping written content for publication on Microsoft blog platforms.Developing presentations for delivery at internal and external conferences.Use the unique experiences of Microsoft Incident Response to create unique storytelling moments.Operational Excellence Must Be Maintained ByCompleting operational tasks and readiness with timeliness and accuracy.Following Microsoft policies, compliance, and procedures (e.g., Enterprise Services Authorization Policy, Standards of Business Conduct, labor logging, expenses, travel guidelines).Leading by example and guiding team members on operational tasks, readiness, and compliance.QualificationsRequired / Minimum Qualifications:Degree in Statistics, Mathematics, Computer Science or related field OR experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection.In-depth knowledge of one or more of the following disciplines:Windows forensics and an understanding of key forensic artifacts (Event Logs, Prefetch, Shimcache, Amcache, ShellBags, etc.
)Linux, and/or macOS forensics.Cloud forensics, including identity attack artifacts, lateral movement techniques and knowledge of PaaS, SaaS and IaaS systems such as Azure and Office 365 forensics.Threat actor tactics, techniques, and procedures (TTPs).Ability to correlate data and identify outliers in disparate data sources.Understanding of security products within an IT environment in multiple layers of the security stack (Antivirus, EDR, IDPS, proxy, firewall, VPN, email, etc.
).Applied knowledge of the MITRE Attack Framework.Additional Or Preferred QualificationsExperience with third-party security products, including but not limited to, Splunk, CrowdStrike Falcon, QRadar, etc.Experience with Kusto Query Language (KQL).Experience with malware analysis.Experience with the intelligence cycle, and generating threat intelligence from investigative findings.Experience performing large-scale investigations of advanced adversaries.Published research (blogs, presentations, etc.)
on novel threat actor TTPs.Mentorship of junior investigators.Microsoft is an equal opportunity employer.
Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances.
If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.
#J-18808-Ljbffr
