Microsoft Senior Cyber Investigations Analyst 

United States, Washington 

689201375

Required/Minimum Qualifications

• 5+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), and operations incident response.
• OR Bachelor's Degree in Statistics, Mathematics, Computer Science or related field.
• 3+ years of experience working with adversary & cyber intel frameworks such as kill-chain model, ATT&CK framework, and Diamond Model.
• 3+ years experience with big data and Security Information & Event Management (SIEM) solutions such as ArcSight, Splunk, ElasticSearch, Logstash, Azure Data Explorer, Azure Log Analytics, Azure Data Lake, or Azure Sentinel.
• 3+ years experience working with extremely large data sets to answer complex and ambiguous questions, using tools and languages like: SQL, KQL, Jupyter Notebook, Spark, Azure Synapse, R, U-SQL, Python, Splunk, and PowerBI.

Other Requirements

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings:

Citizenship & Citizenship Verification: This position requires verification of U.S citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local United States government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, citizenship will be verified via a valid passport, or other approved documents, or verified US government clearance.

Microsoft Cloud Background Check. This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Preferred Qualifications

• Previous experience performing development and code debugging with functional or object-oriented programming such as .NET or Java.
• Demonstrate ability to understand and communicate technical details with varying levels of management.
• Expectation to learn new tools and techniques every day.
• Good working knowledge of common security, encryption, and protocols such as encryption, PKI, modern authentication and cloud app authorization architectures and protocols such as SAML or OAUTH.
• Past experience working in large scale enterprise products: M365 products such as Exchange, SharePoint, Skype, Teams.
• Deep and practical OS security/internals knowledge for Linux and Windows.
  Exposure to security related subjects and trends such as digital forensics, reverse engineering, penetration testing, and malware analysis.
• Ability to rapidly automate data handling and data curation using PowerShell, Python, Azure Data Factory, and various Azure-based tools.
• Hands-on experience building Azure-based services with Azure Resource Manager (ARM), ARM templates, ARM policy, IaaS, VMSS, KeyVault, EventHub, Azure Active Directory (AAD), etc.
• Hands-on experience with Continuous Integration/Continuous Delivery (CI/CD), Azure DevOps and Agile Scrum.
• Ability to work effectively in ambiguous situations and respond favorably to change.
• Comfortable working in a startup mode on a new team where there is lots of opportunity.
• Certifications like GCIA, GSLC, GCIH, CISM, CISSP, CEH, Etc. are plus.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:

Microsoft will accept applications for the role until July 1, 2024.

• Respond to and investigate sophisticated threats with information from a wide variety of sources, and ensure similar scenarios are prevented in the future.
• Perform forensic investigation on suspected compromised assets and analyze log data to determine what occurred.
• Collaborate with the team to create adversary eviction and incident remediation plans.
• Analyze and improve situational awareness, monitoring coverage, and incident response capabilities
• Investigate, analyze and eradicate threats proactively
• Design, develop, and deliver tooling to assist the investigative process.
• Create technical documentation for other analysts and other teams to follow.
• Embody our