Required Qualifications:- 3+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), and operations incident response
- OR Bachelor's Degree in Statistics, Mathematics, Computer Science or related field.
- 3+ years of experience working with adversary & cyber intel frameworks such as kill-chain model, ATT&CK framework, and Diamond Model.
- 3+ years' experience with big data and Security Information & Event Management (SIEM) solutions such as ArcSight, Splunk, ElasticSearch, Logstash, Azure Data Explorer, Azure Log Analytics, Azure Data Lake, Azure Sentinel, etc.
- 3+ years' experience working with extremely large data sets to answer complex and ambiguous questions, using tools and languages like: SQL, KQL, Jupyter Notebook, Spark, R, U-SQL, Python, Splunk, and PowerBI.
Other Requirements
Ability to meet Microsoft, customer and/or governmentsecurityscreening requirements are required for this role. These requirements include, but are not limited to the following specializedsecurityscreenings:
- This role will require access to information that is controlled for export under export control regulations, potentially under the U.S. International Traffic in Arms Regulations or Export Administration Regulations, the EU Dual Use Regulation, and/or other export control regulations. As a condition of employment, the successful candidate will be required to provide proof of citizenship, U.S. permanent residency, or other protected status (e.g., under 8 U.S.C. § 1324b(a)(3)) for assessment of eligibility to access the export-controlled information. To meet this legal requirement, and as a condition of employment, the successful candidate’s citizenship will be verified with a valid passport. Lawful permanent residents, refugees, and asylees may verify status using other documents, where applicable.
- This position requires verification of citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local United Statesgovernment agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, and as a condition of employment, the successful candidate’s citizenship will be verified with a valid passport.
- Microsoft Cloud Background Check. This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Preferred Qualifications:
- Bachelor's degree in related discipline such as computer security, cyber security, computer science, computer engineering or information technology.
- Deep understanding of adversary and cyber intel frameworks such as kill-chain model, ATT&CK framework, and Diamond Model.
- Good working knowledge of common security, encryption, and protocols such as encryption, AuthN/AuthZ, PKI, modern authentication and cloud app authorization architectures and protocols such as SAML or OAUTH
- Past experience working in large scale enterprise products: M365 products such as Exchange, SharePoint, Skype, Teams.
- Deep and practical OS security/internals knowledge for Linux and Windows
- Hands-on experience building Azure-based services with Azure Resource Manager (ARM), ARM templates, ARM policy, IaaS, VMSS, KeyVault, EventHub, Azure Active Directory (AAD), etc.
- Hands-on experience with Continuous Integration/Continuous Delivery (CI/CD), Azure DevOps and Agile Scrum
- Ability to rapidly automate data handling and data curation using PowerShell, Python, Azure Data Factory, and various Azure-based tools.
- Certifications like GCIA, GSLC, GCIH, CISM, CISSP, CEH, Etc. are plus.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: