The Digital Security and Resilience (DSR) team is looking for a seasoned Security Engineer to work as a Cyber Hunt Analyst in the Cyber Defense Operations Center (CDOC). As part of this dynamic and high-impact team - you will have the opportunity to seek out adversary tactics, techniques, and procedures (TTP) in our environment using advanced security technologies combined with your own creative hunting methodologies.

In this role, you will focus on developing and executing threat hunting operations to discover adversary activities that are not detected through traditional detection capabilities.  You will be able to leverage first class security partners and threat intelligence teams to derive and hunt on known indicators of compromise, as well as developing strategies for discovering new techniques used by adversaries.

For greatest impact, you will develop and automate your hunt methodologies and findings to operationalize the capability across the Security Operations Center (SOC).  Extending beyond the traditional blue team role, you will engage with Red teams and participate in Purple team exercises that will build your perspective of the adversarial mindset as well as identifying new techniques.  Finally, you will play a critical role in the continuous monitoring and response to major Incidents affecting the enterprise. 

#DSR

Responsibilities

Key responsibilities:

“What you’ll do” and impact to be made;

• Perform threat hunting operations across numerous data sets and security products to identify new and emerging adversary TTPs.
• Build and deploy automation and tools that enable hunting methodologies, investigation techniques, data enrichment, and workflow efficiencies. Operationalize these capabilities across the SOC.
• Collaborate with internal security partners, red teams, and threat intelligence teams to identify, prioritize, and research threat actor behaviors.
• Detect and respond to advanced threats, actor techniques, anomalous or suspicious activity, combined with intelligence, to identify potential and active risks to systems and data
• Provide investigations, response, and root cause analysis to major incidents affecting the enterprise
• Document and communicate hunt methodologies and findings. Provide metrics to measure the impact of hunting operations.
• Develop, document, and execute threat hunting operations to detect known adversary TTPs.

Qualifications

Knowledge, experience and skills:

• Bachelor’s degree in Computer Science or Engineering, or a related field, or equivalent alternative education, skills, and/or practical experience.
• 5-8 years of experience in security operations, threat hunting and analysis, and/or incident response
• Experience automating and/or scripting with Python, Jupyter Notebooks, PowerShell, C#, or javascript
• Understanding of common threat analysis model’s such as the Diamond Model, Cyber Kill Chain, and MITRE ATT&CK
• Experience working with SQL-based databases, Kusto/KQL, Log Analytics.
• Must have strong verbal and written communication skills; ability to communicate effectively to internal and external business partners as well as technical, and non-technical staff
• Demonstrated enthusiasm for learning new things and ability to pick up new ideas quickly
• Participate in current operations shifts, on call rotation, and focus area rotations
• Demonstrated knowledge of common/emerging attacks techniques.

Preferred, not required:

• Experience developing on Azure PaaS technologies such as; Functions (and Durable Functions), Storage (blob, table, queues) and Logic Apps
• Experience correlating across very large and diverse datasets (Azure Data Lake, Azure Data Explorer, Cosmos DB).
• Experience in analyzing a wide variety of network and host security logs to detect and resolve security issues
• Deep understanding of system internals on MacOS, Windows, and Linux
• Background in malware analysis
• Experience working within a diverse organization to gain support for your ideas; Seeks to leverage work of others to increase effectiveness
• Ability to effectively multi-task and prioritize in a fast-paced environment
• Demonstrates maturity and leadership qualities when dealing with conflicting views and difficult conversations

Describe the ideal candidate (optional)

The ideal candidate will have experience in a team environment, experience in a Security Operations Center or equivalent experience in enterprise scale services and platforms, experience in development of security tools and automated investigations to support hunting operations, technical depth in highly dynamic, complex environment.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.