Microsoft Cyber Investigations Analyst II 

United States, Washington 

257990856

Other Requirements

Ability to meet Microsoft, customer and/or governmentsecurityscreening requirements are required for this role. These requirements include, but are not limited to the following specializedsecurityscreenings:

• This role will require access to information that is controlled for export under export control regulations, potentially under the U.S. International Traffic in Arms Regulations or Export Administration Regulations, the EU Dual Use Regulation, and/or other export control regulations. As a condition of employment, the successful candidate will be required to provide proof of citizenship, U.S. permanent residency, or other protected status (e.g., under 8 U.S.C. § 1324b(a)(3)) for assessment of eligibility to access the export-controlled information. To meet this legal requirement, and as a condition of employment, the successful candidate’s citizenship will be verified with a valid passport. Lawful permanent residents, refugees, and asylees may verify status using other documents, where applicable.
• This position requires verification of citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local United Statesgovernment agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, and as a condition of employment, the successful candidate’s citizenship will be verified with a valid passport.
• Microsoft Cloud Background Check. This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Preferred Qualifications:

• Bachelor's degree in related discipline such as computer security, cyber security, computer science, computer engineering or information technology.
• Deep understanding of adversary and cyber intel frameworks such as kill-chain model, ATT&CK framework, and Diamond Model.
• Good working knowledge of common security, encryption, and protocols such as encryption, AuthN/AuthZ, PKI, modern authentication and cloud app authorization architectures and protocols such as SAML or OAUTH
• Past experience working in large scale enterprise products: M365 products such as Exchange, SharePoint, Skype, Teams.
• Deep and practical OS security/internals knowledge for Linux and Windows
• Hands-on experience building Azure-based services with Azure Resource Manager (ARM), ARM templates, ARM policy, IaaS, VMSS, KeyVault, EventHub, Azure Active Directory (AAD), etc.
• Hands-on experience with Continuous Integration/Continuous Delivery (CI/CD), Azure DevOps and Agile Scrum
• Ability to rapidly automate data handling and data curation using PowerShell, Python, Azure Data Factory, and various Azure-based tools.
• Certifications like GCIA, GSLC, GCIH, CISM, CISSP, CEH, Etc. are plus.

• Respond to and investigate sophisticated threats with information from a wide variety of sources, and ensure similar scenarios are prevented in the future.
• Perform forensic investigation on suspected compromised assets and analyze log data to determine what occurred.
• Collaborate with the team to create adversary eviction and incident remediation plans.
• Analyze and improve situational awareness, monitoring coverage, and incident response capabilities
• Investigate, analyze and eradicate threats proactively
• Design, develop, and deliver tooling to assist the investigative process.
• Create technical documentation for other analysts and other teams to follow.
• Embody our and .