Microsoft Security Research II 

Taiwan, Taoyuan City 

436404091

Required Qualifications

• years experiencein software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection

• Bachelor's Degreein Statistics, Mathematics, ComputerScienceor related field

Preferred Qualifications

• years experiencein software development lifecycle, large-scale computing, modeling, cyber-security, and/or anomaly detection

• Master's Degreein Statistics, Mathematics, ComputerScienceor related field

Other Requirements:

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:Microsoft will accept applications for the role until April 28, 2025.

Responsibilities

onducting Research

• Identifies

• adhoc or as needed basis.

• Performs analysis using multiple data sources to generate insights. Considers common and potential threat scenarios and dependencies in analyses. Attends to and understands connections between identified issues and up- and-down streamprocesses. Helps to drive resolution to systemic security issues. Aids in the creation ofnew solutionsto mitigate security issues. Makes tradeoffs to balance security and operational needs.

• Prioritizes andvalidatestechnical indicators. Aggregatesthreatdata into categories and themes that align to intelligence requirements or customer requests.Takes into consideration relative risk factors, history of published vulnerabilities and existing security knowledge into their analysis.Develops tools toassistin automating the analysis of acomponentor feature area.

• Cleans, structures, and standardizes data and data sources. Supports data quality efforts to ensuretimelyand consistent access to data sources.Curatessources of data and partners to develop and sustain data access. Understands how to find new data sources.

• Identifiesand addresses underlying causes of security shortcomings. Develops security guidance and models to address shortcomings and to build best practices. Suggests and drivesappropriate guidance, models, response, and remediation for issues.

• Drives end-to-endsolutionfor technical implementation and automation related to specific kinds or classes of security issues (e.g., signature detection, malware, threat analysis, reverse engineering). Develops higher level awareness of other kinds of security issues outside areas of expertise. Works across disciplines to solve specific issues. Uses results from research and experimentation to guide architecture or product direction.

• Identifiesand responds to customer and partner security issuesin a timely manner.Spotstrends and potential security issues. Advocates for customers and partners.Provides assistance tocustomers and partners.Leveragespartner and customer feedback to improveassistance. Escalates issues as needed. Develops guidance and education that result from resolution of security issues.

• Identifiesareas of dependency and overlap with other teams or team members. Provides constructive input so the work is integrated andtimely. Communicates status with others to allow fortimelyresolution and coordination. Helps teamsidentifyrisks,dependenciesand other blocking issues.Enables others to take action to resolve issues.

• Protects tools, techniques, information, and results of security practices. Assesses efficacy of operational security (e.g., red-on-red pen testing). Begins to master techniques.

• maintainingthe quality of products and services. Takes notes during incidents andparticipatesin postmortem and root-cause analysis processes.

• Creates analysis report. Follows up on the findings and recommendations, escalating blocking issues as needed.Identifiespotential security vulnerabilities by reviewing documentation and specifications. Develops facts and libraries of guidance.

Industry Leadership

• Exhibits subject matterexpertisein class or set of security issues, tools, mitigations, and processes (e.g., architecture, failure modes, attack chain, threat modeling, vulnerabilities). Provides guidance to others in areas of expertise.Maintains current knowledge by investing time and effort. Proactivelyseeksopportunities to learn. Demonstratesappropriate risktaking and ethical behavior.

• Learns and understands the current state of the industry, including knowledge of tools, techniques, strategies, and processes that can beutilizedto improve security. Maintains knowledge of current trends within the industry.

• Embody our