Job details
Job type full-time
Full job description
We are the microsoft 365 defender team, and we are committed to defending microsoft customers from sophisticated cyber-attacks and adversariesOur mission is to help protect customers with truly innovative proactive approach, advising on emerging trends, and engaging in valuable partnershipsAs the research organization within defender, it’s our job to stay one step ahead of malicious adversaries and predict the threats of the futureWe work with partners across microsoft to innovate new approaches for detecting and tracking threats, attacker techniques, their tools and infrastructureWe are always learningInsatiably curiousWe lean into uncertainty, take risks, and learn quickly from our mistakesWe build on each other’s ideas, because we are better togetherTogether we make a difference to all of our customers, from end-users to fortune 50 enterprisesOur security products are brought together in the microsoft 365 defender (m365d) suiteM365d enables microsoft’s enterprise customers to detect, investigate, understand, and respond to advanced threats on their networks via a combination of behavioral sensors, security analytics, and threat intelligence.
We are looking for threat hunters to join our endpoint hunting teamIn this role you will use deep knowledge of the attacker landscape and rich telemetry from our sensors to perform root-cause analysis and generate custom alerts, ensuring that customers are well equipped to quickly respond to human adversaries identified in their unique environmentsEnsuring that no human adversary can operate silently begins with experts harnessing the powerful optics provided by m365d, across the attacker kill-chain, coupled with world-class detectionsWe’re looking for a skilled hunters to harness the power of microsoft’s trillions of security signals to quickly identify and report the latest human adversary behaviors, drive critical context-rich alerts, build new tools and automations in support of hunting objectives, and drive innovations for detecting advanced attacker tradecraft.
Responsibilities
Perform threat hunting on endpoints by exploring and correlating large data sets resulting in timely alerts for customers
Uncover novel attack techniques, monitor and catalog changes in activity group tradecraft
Acquire new and leverage existing knowledge of attacker tools, tactics and procedures to improve security posture of customers
Effectively engage and collaborate with partners in data science, threat research to develop and maintain high-fidelity detection rules
Build or identify hunting tools and automations for use in the discovery of human adversaries
Qualifications
Degree in computer science or a related technical discipline
5+ years of computer security industry experience in a technical role such as security operations, malware analysis, threat intelligence, cyber incident response, or penetration testing/red team
1+ years of coding and scripting experience (regex, python, sql, kql)
Comfortable working with large data sets for analysis and visualization, using tools and scripting languages such as: excel, sql, python, splunk query language, kusto query language, jupyter notebooks and powerbi
Functional understanding of common threat analysis models such as cyber kill chain, mitre att&ck
Ability to track, analyze, and brief on new and ongoing cyber-attacks with understanding of identity and popular authentication/authorization protocols
Experience using analysis tools (e.gFile/network/os monitoring tools and/or debuggers) and knowledge of operating system internals and security mechanisms
Experience in endpoint protection technologies such as epp/edr (e.gMicrosoft defender for endpoint)
Experience with reverse engineering, digital forensics (dfir) or incident response, or machine learning models
Experience with offensive security including tools such as metasploit, exploit development, open source intelligence gathering (osint), and designing ways to breach enterprise networks
Experience with advanced persistent threats and human adversary compromises
Strong understanding of attacker mindset and ability to apply defensive tactics to protect against it
Broad, general familiarity with the threat landscape affecting enterprise customers
Good verbal and written communication skills in english
Microsoft is an equal opportunity employerAll qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinancesWe also consider qualified applicants regardless of criminal histories, consistent with legal requirementsIf you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the accommodation request form.
Benefits/perks listed below may vary depending on the nature of your employment with microsoft and the country where you work.
Hiring insights
Job activity
Posted 4 days ago