Job Detail

Cyber Threat Researcher - Microsoft Corporation
Redmond, WA
Posted: Feb 23, 2024 03:48

Job Description

Are you passionate about cybersecurity? Have you spent your days investigating and/or researching security incidents and uncovering malicious behavior? Are you an analyst skilled with the many tools and creative approaches used to hunt attackers? Are you a hunter at heart with an engineering mentality who automates to avoid doing the same thing twice?

The Microsoft Security Response Center (MSRC), as part of the Cloud Security Operations Center team, is looking for a Cyber Threat Researcher to work in the Cyber Defense Operations Center (CDOC). As part of this dynamic and high-impact team, you will have the opportunity to seek out adversary tactics, techniques, and procedures (TTPs) in our environment using advanced security technologies combined with your own creative hunting methodologies.

In this role, you will focus on developing and executing threat hunting operations to discover adversary activities that are not detected through traditional detection capabilities. You will be able to leverage first-class security partners and threat intelligence teams to derive and hunt on known indicators of compromise, as well as develop strategies for discovering new techniques used by adversaries.

For greatest impact, you will develop and automate your hunt methodologies and findings to operationalize the capability across the Security Operations Center (SOC). Extending beyond the traditional blue team role, you will engage red teams and participate in purple team exercises that will build your perspective of the adversarial mindset and identify new techniques that need to be hunted. Finally, you will play a critical role in improving the monitoring of, and response to, major incidents affecting the enterprise.

Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.


- Develop, document, and execute threat hunting research with internal teams to identify adversaries and their behaviors, including new/emerging tactics.

- Conduct research that yields new insights, theories, analyses, data, algorithms, and prototypes that advance the state of the art in controls, detections, monitoring, and investigation/hunting capabilities, or that leads to improvements in the protection capabilities of our products and services.

- Develop robust detection and mitigation strategies by studying security researchers, attackers, and real incidents. Identify attack-paths from kill-chains for relevance and long-term effectiveness.

- Innovate processes, create strategies, develop automation or tools and work with partner teams to promote efficiency for hunters and investigators.

- Document and communicate hunt methodologies, findings, and outcomes, and aid in the development of metrics and KPIs for existing projects to monitor progress. This includes reports to varying levels of leadership.

- Identify and collaborate on the response to advanced threats, actor techniques, and anomalous or suspicious activity, combined with intelligence, to identify potential and active risks to systems and data, or to major incidents affecting the enterprise and cloud infrastructure.


Required Qualifications

- 3+ years of experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection
  - OR Bachelor's Degree in Statistics, Mathematics, Computer Science or related field

- 2+ years of experience in security operations, threat hunting and analysis, pen testing, vulnerability research, and/or incident response

- 2+ years of experience automating and/or scripting with Python, Jupyter Notebooks, PowerShell, C#, or JavaScript

- 2+ years of experience working with SQL-based databases, Kusto, Log Analytics

Other Requirements

The ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:

Microsoft Cloud Background Check. This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Preferred Qualifications

- Proven knowledge of detection technologies

- Good knowledge of the kill-chain model, the ATT&CK framework, and modern red team techniques

- Demonstrated knowledge of common and emerging attack techniques.

- Experience correlating across very large and diverse datasets (Azure Data Lake, Azure Data Explorer, Cosmos DB).

- Experience developing on Azure PaaS technologies such as Functions (and Durable Functions), Storage (blob, table, queues), and Logic Apps, and the ability to rapidly automate data handling and data curation using PowerShell, Python, Azure Data Factory, and various Azure-based tools.

- Hands-on experience building Azure-based services with Azure Resource Manager (ARM), ARM templates, ARM policy, IaaS, VMSS, KeyVault, EventHub, Azure Active Directory (AAD) / Microsoft Entra, etc.

- Experience working in large scale enterprise products: M365 products such as Exchange, SharePoint, Skype, Teams, or Power Platform.

- Experience in analyzing a wide variety of network and host security logs to detect and resolve security issues

- Background in malware analysis, vulnerability research or attack simulation

- Reverse Engineering & malware analysis

Security Research IC3 - The typical base pay range for this role across the U.S. is USD $94,300 - $182,600 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $120,900 - $198,600 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:

Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.
