Are you passionate about Defensive Security and want to generate positive impact by solving some of the complex security challenges Microsoft is involved in? We’re looking for a Security Response Team (SRT) Investigator with the right mix of technical depth, engineering background, online services experience and collaboration skills to help grow and protect Office 365 cloud services.
Microsoft 365 is at the center of Microsoft’s cloud-first, devices-first strategy, bringing together cloud-hosted offerings of our most trusted communications and collaboration services (like Exchange, SharePoint, Teams, and more!) with our cross-platform desktop and mobile clients.
 
As a Senior Security Service Engineer, you will drive some of the most challenging and unique security workstreams, such as incident investigations, security reviews, proactive threat hunting, and process automation. In addition, the candidate will be required to collaborate with and represent M365 Security among other cloud security experts across Microsoft. You will participate in required meetings and activities to discuss incidents and facilitate discussion around trends and early warning indicators, as well as help design solutions to emerging threats. M365 Security is a fast-paced team that constantly provides new opportunities to learn and grow.
Responsibilities
Core Responsibilities:
- Respond to and investigate sophisticated threats with information from a wide variety of sources, and ensure similar scenarios are prevented in the future.
- Perform forensic investigation on suspected compromised assets and analyze log data to determine what occurred.
- Collaborate with the team to create adversary eviction and incident remediation plans.
- Analyze and improve situational awareness, monitoring coverage, and incident response capabilities.
- Hunt for and eradicate threats proactively.
- Hunt for malicious activity using advanced threat network and host-based tools to identify the threat actors and their tools and techniques.
- Design, develop, and deliver tooling to assist the investigative or hunting process.
- Create technical documentation for other analysts and other teams to follow.
- Drive some of the small projects identified by the team.
Qualifications
Core Qualifications:
- 5+ years of hands-on experience in security investigations, threat detection & analysis, security program management, and/or incident response.
- Experience with Log Analytics and SIEM solutions such as ArcSight, Splunk, Solarwinds SEM, Azure Sentinel, etc.
- Experience with Windows Security Events, Azure Security Capabilities, AAD Security, ARM Security, Azure DevOps (CI/CD).
- Strong working knowledge of security controls such as encryption, AuthN/AuthZ, PKI, HIDS, NIDS, etc.
- Skilled at working with extremely large data sets, using tools and scripting languages such as SQL, Python, Splunk, PowerBI, and Kusto.
- Experience working on large-scale security incidents such as identity compromise and data breach. Ability to extract threat themes and trends from large incident data sets.
- Practical hands-on experience with security aspects and trends such as threat hunting and modeling, digital forensics, reverse engineering, phishing, and penetration testing.
- Demonstrated ability to understand and communicate technical details with varying levels of management.
- Strong scripting and/or coding skills (PowerShell, Python, C#, etc.).
Preferred Qualifications (but Not Required):
- Experience with cloud-hosted services, web-based applications, and server/service management features.
- Experience with the Microsoft cloud and/or stack, including O365, Azure, Windows or other Microsoft software/services.
- Relevant industry certifications are a definite plus! (CISSP, Cisco, GIAC, etc.)
- Experience working with Big Data solutions like Hadoop, Spark, Cassandra, Neo4j.
- Familiarity with some or all of the Microsoft Security set of technologies, and in-depth experience in at least one:
  - Azure Security Center (ASC)
  - Windows Defender Advanced Threat Protection (WDATP)
  - Microsoft Cloud App Security Broker (CASB) Solutions - Microsoft Cloud App Security (MCAS) / Office 365 Cloud App Security (OCAS) / Azure AD Cloud App Discovery
  - Office 365 Advanced Threat Protection (O365 ATP)
  - Office 365 Threat Intel (O365 TI)
  - Azure Advanced Threat Protection (Azure ATP)
- Experience with common forensic toolsets such as FTK, EnCase, KANSA, RedLine, Volatility, etc.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.