Microsoft Senior Security Researcher - Global Hunting 

Israel, Tel Aviv District 

231831370

Embody our and

Required Qualifications:

• 6+ years experience in cyber security or large scale computing, and/or anomaly detection.
  OR Experience with threat hunting/ digital forensics/reverse engineering/incident response etc.
  OR Master's Degree in Statistics, Mathematics, Computer Science or related field

Other Requirements:

• Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Preferred Qualifications:

• Investigation/Cybersecurity/Digital Forensics/DFIR (Digital Forensic Incident Response) certifications (e.g. Certified Information Systems Security Professional (CISSP), SysAdmin, Audit, Network and Security (SANS), Global Information Assurance Certification (GIAC) etc.)
• Technical certifications based on domain (e.g., Azure, SharePoint)
  
• Experience with Active Directory and/or cloud identity.
• Experience with sophisticated threat actor evidence including familiarity with typical Indicators of Compromise (IOCs), Indicators of Activity (IOAs) and Tools, Techniques and Procedures (TTPs)
• Use of forensic analysis tools such as X-Ways Forensics®, WinHex®, Encase®, FTK®, etc. Microsoft Azure and/or Office365 platform knowledge and experience
• Experience with various forensic log artifacts found in Security Informationa and Event Management (SIEM) logs, web server logs, Antivirus (AV) logs, protection logs such as Host-based Intrusion Detection Systerm (HIDS) and Network Intrusion Detection System (NIDS) logs
• Familiarity with Microsoft Defender 365 security stack (for Endpoints, Identity, Cloud, etc), especially with Advanced Hunting query writing
• Understanding of Windows and Azure internals and where trace evidence can be found
• Knowledge of third-party cybersecurity solutions, especially Extended Detection and Response (EDR) and Security Information and Event Management (SIEM) solutions
• Experience working with consulting companies is a plus.
• Linux and/or macOS forensic analysis and threat hunting skills
  

This role is part of a collaborative team, assisting our customers with:

• Performing analysis of attacker activity in on-premises and cloud environments
• Identifying potential threats, allowing for proactive defence before an actual incident
• Notifying customers regarding imminent attacker activity
• Providing recommendations to improve customers’ cybersecurity posture going forward and performing threat intelligence knowledge transfer to prepare customers to defend against today’s threat landscape
• Building proof-of-concept and prototype threat hunting tools, automations, and new capabilities
• Driving product and tooling improvements by conveying learnings from threat hunting and incident response at scale to engineering partner teams
• Identifies, prioritizes, and targets complex security issues that cause negative impact to customers. Creates and drives adoption of relevant mitigations and provide proactive guidance
• Works with others to synthesize research findings into recommendations for mitigation of security issues. Shares across teams. Drives change within team based on research findings.