Expoint – all jobs in one place
Finding a high-tech job at the best companies has never been easier
Limitless High-tech career opportunities - Expoint

Microsoft Security Researcher II 
Taiwan, Taoyuan City 
148674173

02.09.2025

Are you eager to catch threat actors, for their TTPs, and write detections?

Are you interested in solving problems?

, Azure) for evidence of suspicious activities and build detections on it. We ensure that critical security components are present throughout the infrastructure powering these services and that these components are kept up to date.

Required Qualifications:

  • 5 to 7 years of technical experience in cyber security research, including proficiency with tools such as SQL, KQL, Scala, Python, Jupyter Notebook, Spark, R, U-SQL, and Power BI. Experience automating repeatable security tasks through scripts or logic apps.
  • Experience with security monitoring and response, including use of MITRE or other attack frameworks to identify and address gaps in detection capabilities. Knowledge of the detection response lifecycle and participation in on-call rotations. Skills in reverse-engineering attacks, analysing and prototyping detections to prevent and mitigate threats and abuse. Ability to analyse data flow within environments for detection and protection purposes.
  • Practical experience applying knowledge to detect threats using log data from Cloud Service Provider (CSP) environments, such as Azure AAD, Azure Resources, event logs, and firewalls. Experienced in building and analysing new TTPs and creating detections.

Preferred Qualifications:

An exceptionally well-qualified candidate will meet one or more of the following criteria:

  • Bachelor's degree in related discipline such as computer security, computer science, computer engineering or information technology.
  • Deep understanding of adversary and cyber intel frameworks such as the kill-chain model, ATT&CK framework, Diamond Model and Advanced Persistent Threat (APT), performing detection and research within cloud environments.
  • Deep and practical OS security/internals knowledge for Linux and Windows.
  • Hands-on experience building Azure-based services with Azure Resource Manager (ARM), ARM templates, ARM policy, IaaS, VMSS, KeyVault, EventHub, Azure Active Directory (AAD), etc.
  • Hands-on experience with developer environment tools like Continuous Integration/Continuous Delivery (CI/CD), Azure DevOps, GitHub, and Agile Scrum
  • Ability to work effectively in ambiguous situations and respond favourably to change.
  • Self-motivated and comfortable working in a startup mode on a new team where there is lots of opportunity.
  • Certifications like GCIA, GSLC, GCIH, CISM, CISSP, CEH, etc. are a plus.

Background Check Requirements:

Applicants must have the ability to meet Microsoft, customer, and/or government security screening requirements required for this role. These requirements include, but are not limited to, the following:

to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Responsibilities:

  • Conduct in-depth research and analysis of emerging tactics, techniques and procedures (TTPs) targeting M365 systems, and ability to emulate attacks in a controlled environment.
  • , implement and collaborate with internal teams emulating those attacks and build advanced detections to identify malicious activities within massive, distributed datasets.
  • M365
  • Develop automation tools, enrichments and processes to streamline research ideas, detection, and incident response workflows.
  • automated tailored scenarios for evaluating detection performance.
  • an optimal signal-to-noise ratio by performing regular analyses of hit ratios, conducting tuning checks to confirm that detections are effective, and minimizing unnecessary noise or false positives within the triage queue.
  • Experience with detection metric dashboards and KPIs used for any new research items and detection effectiveness.
  • Use engineering best practices throughout the software development lifecycle to establish maintainable, reliable, and secure systems.
  • Collaborate with teammates in various roles to plan and execute on key deliverables.