Cyber Security Analyst

Security Incident Response, Digital Security & Resilience

The mission of Microsoft Digital Security & Resilience (DSR) is to enable Microsoft to build the most trusted devices and services, while keeping our company safe and our data protected. ​As part of Microsoft’s Security, Compliance, Identity, and Management organization, and a steward of Microsoft and our customer’s data, a core function of Microsoft DSR is ensuring the security of every aspect of the business. Microsoft DSR is responsible for company-wide information security and compliance, with a strategic focus on information protection, assessment, awareness, governance, and enterprise business continuity. As customer zero, we deploy and secure these services inside Microsoft and then share best practices with enterprise customers at scale across the globe. We have exciting opportunities for you to innovate, influence, transform, inspire and grow within our organization and we encourage you to apply to learn more! 

The Security Incident Response team is a part of the Microsoft’s Digital Security & Resilience (DSR) organization.  We are looking for an experienced security incident responder to join the Insider Threat Operations team.  As a member of the team, you are central to our efforts to prevent and protect the company against insider threats.  You will serve as an escalation point to respond to anomalous behavior that may indicate Insider Threat, and coordinate the investigation and remediation processes with our partner teams across Microsoft globally.  You will drive all aspects of case management, assist in analytic work to identify patterns and trends, and recommend security and process enhancements to management. 

The successful candidate will thrive in a dynamic and global team environment, demonstrate sound and consistent judgement, and can work independently.  Having strong attention to detail, excellent communication and organization skills will be essential to success in this role.

Preferred work locations:
Atlanta, Georgia
Austin, Texas
Redmond, Washington
Reston, Virginia
Remote in the U.S.

Responsibilities

Key responsibilities:

• Respond to detections and escalations related to Insider Threat
• Identify, collect, and analyze essential data from variety of sources.
• Coordinate the investigation and mitigation steps with other internal teams within Microsoft globally
• Develop playbooks to improve processes and information sharing across teams
• Ensure metrics are complete and accurate and findings are documented in case management system
• Perform data analysis to identify patterns and trends, and make recommendations to enhance detective and preventive controls
• Provide project-related support to enhance Insider Threat program

Qualifications

Knowledge, experience and skills required: 

• 3+ years of hands-on experience in security operations, threat detection and analysis, and/or incident response
• Experience with data query language such as SQL, KQL
• Must be detail-oriented, with strong problem-solving and troubleshooting skills 
• Strong cross-team collaboration & organizational skills  
• Ability to work across geographically separated teams
• Ability to be flexible and work quickly and efficiently 
• Ability to react with appropriate urgency to situations and requests 
• Exercise sound judgment, tact, diplomacy, integrity and professionalism in all communications 
• Excellent written and oral communication skills
• Must be able to maintain confidentiality and use discretion and judgment at all times 

Preferred, not required:

• Familiarity with programming and automations, is a plus

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.  We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.