Cyber Security Analyst II
Core Services Engineering builds and manages the critical products and services that Microsoft runs on. We boldly pursue big ideas that power transformational advances at Microsoft and for our customers, while helping Microsoft teams work smarter, faster and more securely every day. Core Services Engineering employees have deep technical and business expertise, customer insights, and a clear point of view that comes from first-hand, large-scale experience with Microsoft and industry solutions. We are engineers, technology leaders and experts, digital transformation change agents, and customer advocates. We have exciting opportunities for you to innovate, influence, transform, inspire and grow within our organization and we encourage you to apply to learn more!
The Digital Security and Risk Engineering (DSRE) team is looking for a seasoned Security Engineer to work as a Cyber Security Analyst in the Cyber Defense Operations Center (CDOC), focusing on detection, investigation and response to threats against the Microsoft Enterprise. The candidate should be a highly motivated self-starter with attention to detail who can operate in a complex, dynamic environment. This work requires real-time problem solving, technical curiosity, excellent judgement, and strong communication skills. In this role you will have the opportunity to work on cybersecurity issues as part of a dynamic and high-impact team.
We use advanced security technologies, extensive automation, and procedures to protect, detect and respond to security threats in real time. In addition to day-to-day responsibilities, you will inform security initiatives across the company. You will analyze, contain, and mitigate threats and escalations from multiple sources, both internal and external. You will be involved in the building and tuning of a wide variety of advanced security detections, conducting detailed and comprehensive investigations, and driving issues to closure. You will also contribute to developing innovative automation and orchestration solutions for detection and response. Finally, you will collaborate with security partners and Microsoft security product groups to improve our security posture.
Key responsibilities:
As a member of the DSRE SOC Investigations team, your primary responsibilities would include:
- Detect and respond to advanced threats, actor techniques, anomalous or suspicious activity, combined with intelligence, to identify potential and active risks to systems and data.
- Conduct detailed comprehensive analysis and investigation on a wide variety of security events and implement containment and mitigation processes.
- Collaborate with internal security partners and threat intelligence teams to derive indications and warnings of impending threat.
- Use security business intelligence to drive prioritization and improvements within Microsoft security programs.
- Assist in the build, deploy and tune process of scalable systems that automate security event detection, response and repeatable tasks.
- Keep up to date on emerging vulnerability, response, mitigation, threat landscape trends and use this knowledge to drive proactive threat monitoring.
- Participate in creating innovative ways to use a wide range of security event data to advance detection methods.
- Work with security engineering teams to validate detection effectiveness using a data-driven approach and to identify detection gaps and improvements.
- Mentor and provide guidance to junior team members in technical detection and response best practices.
- Because we handle active security events and respond to threats from a variety of sources, you will be required to participate in shift and on-call rotation.
- Bachelor's degree in Computer Science or Engineering, or a related field, or equivalent alternative education, skills, and/or practical experience.
- 3+ years of hands-on experience in security operations or threat detection and analysis or incident response or secure network design.
- 2+ years of experience working with system internals and hardening of Windows operating systems and one or more of the following: Linux and/or macOS.
- Experience developing on Azure PaaS technologies such as Functions (and Durable Functions), Storage (blob, table, queues) and Logic Apps
- Experience automating and developing with Python, Jupyter Notebooks, PowerShell, or R with RESTful APIs
- Experience correlating across very large and diverse datasets (Azure Data Lake, Azure Data Explorer, Cosmos DB)
- Experience working with SQL-based databases, Kusto, Log Analytics
- Experience in analyzing a wide variety of network and host security logs to detect and resolve security issues.
- Understanding of common threat analysis models such as the Diamond Model, Cyber Kill Chain, and MITRE ATT&CK.
- Demonstrated knowledge of common/emerging attack techniques
- Background in malware analysis.
- Experience working within a diverse organization to gain support for your ideas; seeks to leverage the work of others to increase effectiveness.
- Ability to effectively multi-task and prioritize in a fast-paced environment.
- Demonstrates maturity and leadership qualities when dealing with conflicting views and difficult conversations.
The ideal candidate will have experience in a team environment, experience with security operations, and technical depth in information security domains like authentication, incident response, security monitoring or threat intelligence. In addition, experience in the development of security tools and automated investigations to support response operations is highly desirable.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.