Job type full-time
Full job description
We are the security, compliance and management (s+c+m) team; we are committed to defending microsoft customers from cyber-attacks as well as providing sophisticated tooling for securing important dataS+c fosters an agile development environment, continuously gathering and analyzing data to combat evolving threatsOur mission is to help protect customers with truly innovative proactive protection, advise customers on emerging trends, and engage in valuable partnerships.
As the research organization within s+c, it’s our job to stay one step ahead of malicious adversaries and predict the threats of the futureWe work with partners across microsoft to innovate new approaches for detecting and tracking threats, attacker techniques, their tools and infrastructure.
We are always learningInsatiably curiousWe lean into uncertainty, take risks, and learn quickly from our mistakesWe build on each other’s ideas, because we are better togetherWe stand in awe of what humans dare to achieve and are motivated every day to empower others to do and achieve more through our technology and innovationTogether we make a difference for all of our customers, from end-users to fortune 50 enterprisesYou can read about the team and its services here – defender experts aka dex
What we build: we build innovative security and data compliance productsOur security products are brought together in the microsoft 365 defender (m365d) suiteM365d enables microsoft’s enterprise customers to detect, investigate, understand, and respond to advanced threats on their networks via a combination of behavioral sensors, cloud security analytics, and threat intelligenceThe microsoft threat experts team is looking for threat hunters! no matter how sophisticated attacker behaviors become, microsoft 365 defender (m365d) will help enterprises detect, investigate, and respond to advanced attacks and data breaches on their networksOur team uses deep knowledge of the attacker landscape and rich telemetry from our sensors to perform root-cause analysis and generate custom alerts, ensuring that m365d customers are well equipped to quickly respond to human adversaries identified in their unique environmentsEnsuring that no human adversary can operate silently begins with experts harnessing the powerful optics provided by m365d, across the attacker kill-chain, coupled with world-class detectionsWe’re looking for a skilled hunter to harness the power of microsoft’s trillions of security signals to quickly identify and report the latest human adversary behaviors, drive critical context-rich alerts, build new tools and automations in support of hunting objectives, and drive innovations for detecting advanced attacker tradecraft.
Primary responsibilities would include:
Explore and correlate large data sets to uncover novel attack techniques, monitor and catalog changes in activity group tradecraft, to research and provide new detection mechanisms.
Acquire new and leverage existing knowledge of attacker tools, tactics and procedures to improve security posture of customers.
Self-driven and team cooperated research on novel attack techniques to simulate them in lab on endpoints and cloud infrastructure to identify required detection mechanisms.
Identify need of required tools for research and analysis and effectively engage and collaborate with partners in engineering and data science to develop and maintain them.
Effectively engage and collaborate with partners in data science, threat research to develop and maintain high-fidelity detection rules.
Build hunting tools and automations for use in the discovery of human adversaries.
You would be expected to support a 24/7 operation model that may sometimes involve working in night shifts.
5+ years of experience in a technical role in the areas of security operations, malware analysis, threat intelligence, cyber incident response, or penetration testing/red team
Comfortable working with extremely large data sets for analysis and visualization, using tools and scripting languages such as: excel, sql, python, splunk query language, kusto query language and powerbi
Ability to track, analyze, and brief on new and ongoing cyber-attacks in cloud infrastructure with understanding on aad, adfs and popular authentication/authorization protocols like saml, oauth, openid connect
In-depth understanding of latest cloud-based techniques used by attackers for persistence, privilege escalation, defense evasion and lateral movement in platforms such as azure ad, office 365 and google workspace
Functional understanding of common threat analysis models such as the diamond model, cyber kill chain, and mitre att&ck.
Advanced experience using analysis tools (e.gFile/network/os monitoring tools and/or debuggers) and advanced knowledge of operating system internals and security mechanisms
Excellent cross-group and interpersonal skills, with the ability to articulate business need for detection improvements and strong ability to use data to ‘tell a story’.
Following additional experiences are favorable, but not required:
Technical bs degree preferred in computer science, computer engineering, information security, mathematics, or physics
Experience with system administration in a large enterprise environment including windows and linux servers, along with workstations, network and cloud administrationFor example, expertise in edr (microsoft defender for endpoint), mdo, mdi, mcas, mtp or m365d
Experience with system administration in a large enterprise environment including windows and linux servers and workstations, network administration, cloud administration.
1+ years of experience developing software or tools using c++, c#, python, ruby, or similar , kusto
Experience with reverse engineering, digital forensics (dfir) or incident response, or machine learning models
Experience with offensive security including tools such as metasploit, exploit development, open source intelligence gathering (osint), and designing ways to breach enterprise networks
Experience with advanced persistent threats and human adversary compromises
Additional advanced technical degrees or cyber security-based certifications such as cissp, oscp, ceh, or giac certifications
Microsoft is an equal opportunity employerAll qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations, and ordinancesBenefits/perks listed below may vary depending on the nature of your employment with microsoft and the country where you work.