Microsoft Threat Intelligence Analyst 

Ireland, Dublin 

143141503

• Experience producing actionable threat intelligence on targeted and advanced persistent threats enabling network and host defences in external organizations with demonstrable impact
• Expertise tracking APT adversaries leveraging the Diamond Model to identify and characterize various TTPs, capabilities, infrastructure, and operational campaigns
• Experience performing actor tracking/investigation/threat intelligence/SOC work
• A good understanding of how the internet works, that is, relevant network protocols (HTTP, TLS, TCP/IP, UDP, DNS, etc), OAuth.

Familiarity in at least one of the following:

• (1) cloud intrusion analysis in adversary operations;
• (2) Analysing sophisticated malware samples used in targeted attacks against large corporate or government entities;
• (3) Analysing host forensic and log data associated with advanced targeted adversaries

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings:

- This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter.

• Perform daily actor tracking, either for nation state actors, or e-crime
• Define, develop, and implement techniques to discover and track current adversaries and identify the attacks of tomorrow
• Write Azure Data Explorer (KQL) queries to search in telemetry.
• Write Storm queries (for the Vertex Synapse tool) to search telemetry
• Threat intelligence content production - Writing up findings in a clear, unambiguous manner such that your peers can easily understand your investigation, and why and how you came to any conclusions.
• Work with engineers/developers/data scientists to develop more complex systems that solve analyst’s needs.