Microsoft Cybersecurity Threat Hunter Forensic Analyst 

United Kingdom, England 

843776821

who are, and good knowledge of nation state and cybercrime attack techniques.A desire to fail fast and learn quicklycritical, along with strong analytical and critical thinking skills

Along with working reactive incident responsehunters should be able toconduct research into novel techniques, have excellent documentation skills, andbe confident in. Thought leadership is also akey priorityin the form of written and spoken content delivered both internally and externally.culture and values.

Required / Minimum Qualifications:

Degree in Statistics, Mathematics, Computer Science or related field ORin software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection.

In-depth knowledge of one or more of the following disciplines:

• Windows forensics and an understandingof keyforensic artifacts (Event Logs, Prefetch,Shimcache,Amcache,ShellBags, etc.)

• Linux, and/or macOS forensics

• Cloud forensics,includingidentity attack artefacts,lateral movement techniques and knowledge of PaaS, SaaS and IaaS systems such as Azure and Office 365 forensics

• actor tactics, techniques, and procedures (TTPs)

• Ability to correlate dataand identity outliers indisparate data sources

• Understanding of security products within an IT environment in multiple layers of the security stack (Antivirus, EDR, IDPS, proxy, firewall, VPN, email, etc.)

• pplied knowledge of the MITRE Attack Framework

Additional or Preferred Qualifications:

• Experience with third-party security products, including but not limited to, Splunk, CrowdStrike Falcon,QRadar, etc.

• Experience with Kusto Query Language (KQL)

• Experience with malware analysis

• Experience with the intelligence cycle, and generating threat intelligence from investigative findings

• Experience performing large scale investigations of advanced adversaries

• Published research (blogs, presentations,etc) on novel threat actor TTPs

• Mentorship of junior investigators

Technical Delivery

• ontextualizingand prioritizingfindings to put together a comprehensive account and briefing of the events that transpired during a security incident

• together multiple disparate events to build and communicate a cohesive timeline of activity

• Discovering attacker persistence (if present)

• Determining attacker activity on known compromised systems

• Identifying potential threats – allowing for proactive defence before an actual incident

• Providing recommendations to improve cybersecurity posture going forward

• Performing knowledge transfer to prepare customers to defend against today’s threat landscape

Security threatare constantly evolving,this role will involve:

• ing, analyzing, and summarizingsecurity threats,sharing

• ying, conducting, and supportingothers in conducting research into critical security areas, such as current attacks, adversary tracking, and academic literature

• ingcomplex issues using multiple data sources to develop insights and identify security problems and threats. Creatingnew solutions to mitigate security issues

• ingprioritization and validation methods for technical indicators,developingtools to automate analyses

• Leads efforts to clean, structure, and standardize data and data sources; leads data quality efforts to ensure timely and consistent access to data sources

Thought Leadership

This role includes the ability tobe at the forefront

• written content for publication on Microsoft blog platforms

• Developing presentations for delivery at internal and external conferences

• reate uniquestorytelling moments

Operational Excellence

Must be maintained by:

• ingoperational tasks and readinesswithtimeliness and accuracy.

• ing

• ingbyexample and guiding