Microsoft Security Operations Engineer - SOC Tier 2 Analyst
Taiwan, Taoyuan City
Job ID: 14880209

03.04.2025

As a Security Operations Engineer - SOC Tier 2 Analyst you support a managed security service for Microsoft, working on a long-term cloud integration program. The Security Operations Engineer is responsible for executing a managed cyber security service, making sure it meets customer contractual requirements and targeting "goal zero" for all cybersecurity incidents. As a Tier 2 Analyst you will play a critical role in identifying, analysing, and mitigating complex security incidents and breaches within the organization's network and systems. You will work with a wide range of teams to ensure the overall safety and security of the environment and work closely with key stakeholders.

Required Qualifications:

  • Bachelor's Degree in Statistics, Mathematics, Computer Science or related field
    • OR Experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology.
  • Relevant certifications such as Certified Incident Handler (GCIH), Certified SOC Analyst (CSA), Certified Threat Intelligence Analyst (CTIA)
  • Relevant Microsoft certifications such as Azure Security Engineer Associate (AZ-500), Security Administrator Associate (MS-500), Identity and Access Administrator Associate (SC-300).
  • Proven experience in a SOC environment, preferably with a focus on Microsoft Defender suite and Microsoft Sentinel.

Other Qualifications:

  • Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:
    • Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud Background Check upon hire/transfer and every two years thereafter.

Preferred Qualifications:

  • Master's Degree in Statistics, Mathematics, Computer Science or related field
    • OR Experience in software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection.
  • Certifications such as CISSP, CISA, CISM, SANS GCIA, GCIH, OSCP, Security+
  • Experience reading and/or writing code (e.g., sample documentation, product demos).
  • In-depth knowledge of security operations center concepts, processes, technologies, tools (technical skills and hands-on experience with various security solutions such as SIEMs (e.g., IBM QRadar), SOARs (e.g., Microsoft Sentinel, Defender suite), XDRs (e.g., CrowdStrike Falcon), threat intelligence platforms (e.g., Recorded Future), vulnerability scanners (e.g., Qualys)), frameworks, standards, and regulations, and/or proficiency in Kusto Query Language (KQL).
  • Understanding of advanced cybersecurity concepts, the threat landscape, and attack methodologies, and/or experience with the creation, configuration and use of Playbooks, Notebooks and Workbooks.
  • Demonstrated experience in conducting in-depth incident analysis, threat hunting, and forensic investigations.

Responsibilities:

  • Incident Triage: Investigate and triage security alerts escalated from Tier 1 SOC analysts, determine severity and potential impact of the incident, and follow the triage process until closure.
  • Threat Analysis: Conduct in-depth analysis of security events to identify malicious activities, tactics, techniques, and procedures used by threat actors.
  • Security Incident Handling: Assisting with the containment, eradication, and recovery process in response to security incidents.
  • Vulnerability Assessment: Participating in vulnerability assessment and management activities to identify and remediate security weaknesses.
  • Security Tool Management: Managing and configuring security tools, specifically Microsoft Sentinel and the Microsoft Defender suite including Defender for Cloud and Microsoft 365 Defender.
  • Threat Intelligence: Utilizing threat intelligence feeds and sources to stay up-to-date with the latest threats and vulnerabilities.
  • Collaboration: Collaborating with other members of the SOC team, as well as external and internal stakeholders.
  • Continuous Improvement: Contributing to the improvement of SOC processes, procedures, and documentation, including the creation and upkeep of Analytics Rules, Playbooks, Notebooks and Workbooks within Microsoft Sentinel.
  • Leadership: Mentor SOC Tier 1 Analysts to improve detection/analytical capabilities within the SOC and monitor SOC Tier 1 Analyst performance.