Security Detection and Analytics Engineer - Microsoft

Hyderabad, India
Skills: Python, Azure, Spark

Does protecting over 1 billion customers and making the cyber world a better place sound exciting? Do you have what it takes to be part of one of the most important security response teams in the world? Do you want to innovate and improve how Microsoft transforms learnings from incidents into action? This may be the opportunity for you. The Microsoft Security Response Center (MSRC) seeks motivated, experienced security professionals to join our team. As the company accelerates our transformation in a mobile-first, cloud-first world, there has never been a more exciting time to be part of the MSRC. We strive to serve our customers at the highest level while being constantly agile and adopting the growth mindset that will transform Microsoft.

The successful candidate will work as part of a team that streamlines security data collection and alerts to deliver actionable insights for our response team, and partners with engineering teams across the company to improve security for Microsoft and our customers.  

We are looking for a talented engineer with a passion for data analytics, data science, cross-group collaboration, strong communication skills and project management experience. 

  • Continuous development and testing of Detection and Response content and tooling.
  • Drive the improvement of our Detection and Response Framework, its methodologies, and lifecycles.
  • Guidance and Support for Analysts in the release, implementation, and tuning phases.
  • Contribute to the planning, review, and lessons learned of Blue, Red, and Purple Team engagements.
  • Conduct in-depth knowledge-sharing sessions for special and edge detection handling.
  • Contribution to the improvement of service-based Detection and Response pre-requisites.
  • Automate data handling and curation using PowerShell, Python, Azure Data Factory, and various Azure-based tools.

Required Qualifications:

  • Microsoft Cloud Background Check: The successful candidate must pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter. 
  • 3+ years working in cyber security (Information Security, InfoSec, SecOps, Security Operations, SOC, CSOC, analyst, researcher, etc.) with experience in automation of analysis, response, or forensics. 
  • Previous experience in applying knowledge to uncover threats based on log data within Cloud Service Provider (CSP) environments (Azure AAD, Azure Resources, Event logs, Firewall, etc.) to build, analyze, and tune detections.
  • Experience with Microsoft Cloud Security Technologies such as Azure Sentinel, Azure Defender, MDE, ATP, Azure Data Explorer and Azure Log Analytics or similar products like ArcSight, Splunk and Logstash. 
  • Skilled working with extremely large data sets to answer complex and ambiguous questions, using tools and languages like: SQL, KQL, Jupyter Notebook, Spark, R, U-SQL, Python, Splunk, and PowerBI. 
  • Ability to automate repeatable security tasks through scripts or logic apps. 
  • Demonstrated ability to understand and communicate technical details with varying levels of management. 
  • Expectation to learn new tools and techniques every day. 

Preferred Qualifications:

An exceptionally well-qualified candidate will meet one or more of the following criteria: 

  • Bachelor's degree in related discipline such as computer security, computer science, computer engineering or information technology. 
  • Deep understanding of adversary and cyber intel frameworks such as the kill-chain model, ATT&CK framework, Diamond Model and Advanced Persistent Threat (APT), and of performing detection and threat hunting within Cloud Service Provider (CSP) environments.
  • Deep and practical OS security/internals knowledge for Linux and Windows.
  • Ability to rapidly automate data handling and data curation using PowerShell, Python, Azure Data Factory, and various Azure-based tools. 
  • Hands-on experience building Azure-based services with Azure Resource Manager (ARM), ARM templates, ARM policy, IaaS, VMSS, KeyVault, EventHub, Azure Active Directory (AAD), etc. 
  • Hands-on experience with developer environment tools like Continuous Integration/Continuous Delivery (CI/CD), Azure DevOps, GitHub, and Agile Scrum 
  • Ability to work effectively in ambiguous situations and respond favorably to change. 
  • Self-motivated and comfortable working in a startup mode on a new team where there is lots of opportunity. 
  • Certifications like GCIA, GSLC, GCIH, CISM, CISSP, CEH, etc. are a plus.

Background Check Requirements:

Applicants must have the ability to meet Microsoft, customer, and/or government security screening requirements required for this role. These requirements include, but are not limited to, the following:  

  • Microsoft Cloud Background Check: The successful candidate must pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

Published on: 02.12.2022
About Microsoft

https://microsoft.com

Microsoft is on a mission to empower every person and every organization on the planet to achieve more. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. You can help us to achieve our mission.
