Security Service Engineering Manager - CTJ

    Microsoft Corporation
    Reston, VA
    Full-time

    Job Description

    The M365 Security + Compliance team is looking for a talented Security Manager to lead a team responsible for security research, response, and investigation. You will be a part of defending our customer base focused on conducting research to advance our capabilities, identifying new attacks, coordinating large scale response and investigating issues.

    Microsoft 365 is at the center of Microsoft's cloud first, devices first strategy bringing together cloud-hosted offerings of our most trusted communications and collaboration services (like Exchange, SharePoint, Teams, and more!) with our cross-platform desktop and mobile clients. Our customers depend on our services to achieve success in their organizations; whether it be a Fortune 100, small business, non-profit, educational institution, or the US Government. You pass by dozens of our customers on your drive to work every day! Our customers trust us with their most critical data, and we honor that trust with continuous investment and improvement in the security of our services.

    We are seeking a leader to help us grow our team of expert security researchers and security engineers to protect our customers against all threats by delivering durable threat prevention & remediation content as well as managing effective response. Your passion for research excellence, data and security, comfort with ambiguity and acceptance of the need to deliver consistently exceptional performance under high pressure, combined with your proven ability to sift through datasets to extract valuable insights, will be critical in helping us continue to successfully achieve our mission. This team will leverage the billions of signals surfaced across our services (Office 365, AAD, MDATP, etc.), cutting-edge threat research, state-of-the-art ML/AI and human expertise to ensure threats are stopped before they infect user machines or any of our service architecture. The team also operates in a research-as-a-service model and helps resolve any reported FNs/FPs in our products by delivering durable protection content. This leadership position requires deep domain knowledge in security research, threat hunting, experience in security operations and investigations, and the capability to manage a globally distributed team of experts.

    In this role you will work to help identify risk to us and our customers, respond to and investigate the issues, partner on solutions to better prevent, detect, and respond in the future.

    These responsibilities include:

    Build and lead a team of talented security investigators, researchers and engineers, working closely with data scientists and other threat hunters across M365 (Office ATP, Office 365, AAD and MDATP).

    Be the site lead for the peer business being managed outside of corporate HQ

    Provide exemplary leadership in an exceptionally challenging and rewarding environment and influence the organization

    Partner across the company's security experts and build relationships with key areas where we can improve our security practices and response capabilities.

    Conduct research that yields new insights, theories, analyses, data, algorithms and prototypes that advance the state of the art of malware protection

    Manage response and investigation activities across all issues the team manages throughout the incident lifecycle.

    Investigate, analyze and learn from security researchers, attackers and real incidents in order to develop durable detection strategies across the entire kill-chain or product enhancements.

    Work with other internal and external teams to forge new and improve existing partnerships that help mature the product

    Collaborate with other researchers, coordinators and developers to improve the protection, detection and response capabilities of the products

    Drive end-to-end support for customer-facing submissions with a global team responding 24/7 supporting Windows/Linux/Mac/iOS/Android.

    Interact with Microsoft Threat Experts (MTE) on ensuring customer protection.

    Innovate processes, create strategies and work with partner teams to promote efficiency.

    Ensure research, response and investigative excellence through regular training and learnings.

    Increase sample sourcing efforts by leveraging crawlers/honeypot and external feeds.

    Build metrics and KPI for existing projects to monitor progress. This includes creating reports, executive summaries and updates for leadership team

    Required Qualifications:
    • This position requires verification of US Citizenship to meet federal government contract requirements.
    • Current Active Top Secret (TS) clearance or above.
    • Must be able to upgrade to and maintain Top Secret SCI (TS/SCI) with Full Scope Polygraph.
    • Must be able to pass the Microsoft Cloud background check upon hire/transfer and every 2 years thereafter.
    • 5+ years working in information security (infosec, SecOps, security PM, analyst, researcher, etc.) field
    • BS+ in Computer Science or Computer Engineering or equivalent industry experience.
    • 4+ years experience and proven leadership and people management capabilities managing a security team with responsibilities across Research, Engineering, Security Operations, and Cybersecurity Investigations
    • Experience growing a team, building talented high performers, and a track record of delivering outstanding results as a TEAM.
    • Excellent communication skills and situational awareness. You will be working closely with other product group engineers across Microsoft as well as customer engineers and system administrators
    • Deep understanding of Security Operations Center and Security Incident Response Team processes and procedures.
    • Understanding of various attack vectors, threat tactics and attacker techniques ranging from APTs, Malware, DDoS, Exploits, etc.
    • Desire to work in a continuous learning environment where responsibilities are matrixed across various peer teams, and where new challenges will come in each day that need to be solved with innovating thinking.
    • Understanding of Advanced Persistent Threat (APT) and associated tactics, targeted attacks, various credential compromise techniques, etc.
    • Familiarity with various attack and detection frameworks like MITRE, Diamond Model, etc.
    • Reverse Engineering skills: familiar with debuggers, disassemblers, network protocols, file formats, sandboxes, hardware/firmware internals, software communication mechanisms
    • Development skills with Objective C, C, and/or scripting languages (e.g. Python, bash)
    • Experience in dealing with big data problems and excellent skills in data analytics with a focus on security
    • Excellent interpersonal skills and effective written/verbal communication skills, with experience presenting to C-level audiences
    • Good knowledge of kill-chain model, ATT&CK framework, and modern red team tactics and techniques
    Preferred Qualifications:
    • Prior experience working with the US Government or US Department of Defense
    • Expert knowledge in detection technologies
    • Deep and practical OS security/internals knowledge
    • Ability to work effectively in ambiguous situations and respond favorably to change
    • Industry recognized author of security research papers, blogs, or books
    • Experience working on security investigations in cloud services and understand the nuances of supporting cloud service investigations vs host/endpoint based.
    • Desire and ability to automate repeatable security tasks through scripts and logic apps and share it with wider group.
    • Comfortable working in a startup mode on a new team where there is lots of opportunity.
    • Certifications like GCIA, GSLC, GCIH, CISM, CISSP, CEH are a plus.
    Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

    Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

    #redsc

    #CTJ


    Posting ID: 556642665
    Posted: 2020-05-21