Microsoft Principal Security Researcher 

Taiwan, Taoyuan City 

181662352

If so, you may be a fit for a

Required/Minimum Qualifications:

Experience in software development lifecycle, large-scale computing, modelling, cybersecurity, threat hunting and/or anomaly detection

OR Master's Degree in Statistics, Mathematics, Computer Science or related field.

This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Additional or Preferred Qualifications:

• Proficient experience in software development lifecycle, large-scale computing, modeling, cybersecurity, threat hunting and/or anomaly detection
• OR Doctorate in Statistics, Mathematics, Computer Science or related field.
• Proven knowledge of security fundamentals across Microsoft platforms (Client, Server, Cloud)
• Strong understanding of malware and the modern threat landscape, especially identity-based attacks
• Familiarity and understanding of SQL or Kusto Query Language (KQL) queries (or experience with large database/SIEM query languages such as Splunk/Humio/Kibana, etc.)
• Familiarity and understanding of Jupyter Notebooks, or building equivalent threat hunting automations with scripting languages
• Consulting background
• Active Directory subject matter expertise
• Experience with sophisticated threat actor evidence including familiarity with typical Indicators of Compromise (IOCs), Indicators of Activity (IOAs) and Tools, Techniques and Procedures (TTPs)
• Use of forensic analysis tools such as X-Ways Forensics®, WinHex®, Encase®, FTK®, etc
• Microsoft Azure and/or Office365 platform knowledge and experience
• Experience with various forensic log artifacts found in SIEM logs, web server logs, AV logs, protection logs such as HIDS and NIDS logs
• Familiarity with Microsoft Defender 365 security stack (for Endpoints, Identity, Cloud, etc), especially with Advanced Hunting query writing
• Excellent understanding of Windows internals and where trace evidence can be found
• Knowledge of third-party cybersecurity solutions, especially EDR and SIEM solutions
• Linux and/or macOS forensic analysis and threat hunting skills
• Technical certifications based on domain (e.g., Azure, SharePoint)
• Project Management certifications (e.g., PMP, Scrum)
• Investigation/Cybersecurity/Digital Forensics/DFIR certifications (e.g. CISSP, SANS GIAC, etc)
• Ability to obtain and maintain a Security Clearance.

Responsibilities:

This role is part of a collaborative team, assisting our customers with:

• Performing deep analysis of attacker activity in on-premises and cloud environments
• Identifying potential threats, allowing for proactive defence before an actual incident
• Notifying customers regarding imminent attacker activity
• Providing recommendations to improve customers’ cybersecurity posture going forward and performing threat intelligence knowledge transfer to prepare customers to defend against today’s threat landscape
• Building proof-of-concept and prototype threat hunting tools, automations, and new capabilities
• Driving product and tooling improvements by conveying learnings from threat hunting and incident response at scale to engineering partner teams
• Identifying, prioritizing, and targeting complex security issues that cause negative impact to customers. Creating and driving adoption of relevant mitigations and providing proactive guidance
• Working with others to synthesize research findings into recommendations for mitigation of security issues. Sharing across teams. Driving change within team based on research findings.