Microsoft Corporation Software Engineering IC3 in Hyderabad, India

Does protecting over 1 billion customers and making the cyber world a better place sound exciting? Do you have what it takes to be part of one of the most important security response teams in the world? Do you want to innovate and improve how Microsoft transforms learnings from incidents into action? This may be the opportunity for you. The Microsoft Security Response Center (MSRC) seeks motivated, experienced security professionals to join our team. As the company accelerates our transformation in a mobile-first, cloud-first world, there has never been a more exciting time to be part of the MSRC. We strive to serve our customers at the highest level while being constantly agile and adopting the growth mindset that will transform Microsoft.

The successful candidate will work as part of a team that streamlines security data collection and alerts to deliver actionable insights for our response team, and partners with engineering teams across the company to improve security for Microsoft and our customers.

We are looking for a talented engineer with a passion for data analytics, data science, cross-group collaboration, strong communication skills and project management experience.

Responsibilities

  • Ability to automate repeatable security tasks through scripts or logic apps.

  • Apply knowledge to uncover threats based on log data to build, analyze, and tune detections.

  • Ability to handle extremely large data sets to answer complex and ambiguous questions.

Qualifications

• 3-5 years working in cyber security (Information Security, InfoSec, SecOps, Security Operations, SOC, CSOC, analyst, researcher, etc.) with experience in automation of analysis, response, or forensics.

• Previous experience in applying knowledge to uncover threats based on log data within Cloud Service Provider (CSP) environments (Azure AAD, Azure Resources, Event logs, Firewall, etc.) to build, analyze, and tune detections.

• Experience with Microsoft Cloud Security Technologies such as Azure Sentinel, Microsoft Defender, MDE, ATP, Azure Data Explorer and Azure Log Analytics or similar products like ArcSight, Splunk and Logstash.

• Skilled in working with extremely large data sets to answer complex and ambiguous questions, using tools and languages like: SQL, KQL, Jupyter Notebook, Spark, R, U-SQL, Python, Splunk, and PowerBI.

• Proactive identification of abuse patterns (platform/service) and evaluation of security risks and their impact on the Microsoft Cloud platform and its online services.

• Ability to automate repeatable security tasks through scripts or logic apps.

• Demonstrated ability to understand and communicate technical details with varying levels of management.

Expectation to learn new tools and techniques every day.

An exceptionally well-qualified candidate will meet one or more of the following criteria:

• Bachelor's degree in related discipline such as computer security, computer science, computer engineering or information technology.

• Deep understanding of adversary and cyber intel frameworks such as the kill-chain model, ATT&CK framework, Diamond Model and Advanced Persistent Threat (APT), performing detection and threat hunting within Cloud Service Provider (CSP) environments.

• Deep and practical OS security/internals knowledge for Linux and Windows.

• Ability to rapidly automate data handling and data curation using PowerShell, Python, Azure Data Factory, and various Azure-based tools.

• Hands-on experience building Azure-based services with Azure Resource Manager (ARM), ARM templates, ARM policy, IaaS, VMSS, KeyVault, EventHub, Azure Active Directory (AAD), etc.

• Hands-on experience with developer environment tools like Continuous Integration/Continuous Delivery (CI/CD), Azure DevOps, GitHub, and Agile Scrum.

• Ability to work effectively in ambiguous situations and respond favorably to change.

• Self-motivated and comfortable working in a startup mode on a new team where there is lots of opportunity.

Certifications like GCIA, GSLC, GCIH, CISM, CISSP, CEH, etc. are a plus.

Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations (https://careers.microsoft.com/v2/global/en/accessibility.html).
