
Microsoft Senior Cyber Investigations Analyst 
United States, Washington 
689201375

16.07.2024


Required/Minimum Qualifications

  • 5+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), and operations incident response.
    • OR Bachelor's Degree in Statistics, Mathematics, Computer Science or related field.
  • 3+ years of experience working with adversary and cyber intel frameworks such as the kill-chain model, the ATT&CK framework, and the Diamond Model.
  • 3+ years of experience with big data and Security Information & Event Management (SIEM) solutions such as ArcSight, Splunk, ElasticSearch, Logstash, Azure Data Explorer, Azure Log Analytics, Azure Data Lake, or Azure Sentinel.
  • 3+ years of experience working with extremely large data sets to answer complex and ambiguous questions, using tools and languages such as SQL, KQL, Jupyter Notebook, Spark, Azure Synapse, R, U-SQL, Python, Splunk, and PowerBI.

Other Requirements

The ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:

Citizenship & Citizenship Verification: This position requires verification of U.S. citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local United States government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, citizenship will be verified via a valid passport, other approved documents, or a verified US government clearance.

Microsoft Cloud Background Check. This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Preferred Qualifications

  • Previous experience performing development and code debugging with functional or object-oriented programming such as .NET or Java.
  • Demonstrated ability to understand and communicate technical details with varying levels of management.
  • Expectation to learn new tools and techniques every day.
  • Good working knowledge of common security and encryption protocols, including PKI, modern authentication, and cloud application authorization architectures and protocols such as SAML or OAuth.
  • Past experience working in large-scale enterprise products: M365 products such as Exchange, SharePoint, Skype, Teams.
  • Deep and practical OS security/internals knowledge for Linux and Windows.
  • Exposure to security-related subjects and trends such as digital forensics, reverse engineering, penetration testing, and malware analysis.
  • Ability to rapidly automate data handling and data curation using PowerShell, Python, Azure Data Factory, and various Azure-based tools.
  • Hands-on experience building Azure-based services with Azure Resource Manager (ARM), ARM templates, ARM policy, IaaS, VMSS, KeyVault, EventHub, Azure Active Directory (AAD), etc.
  • Hands-on experience with Continuous Integration/Continuous Delivery (CI/CD), Azure DevOps and Agile Scrum.
  • Ability to work effectively in ambiguous situations and respond favorably to change.
  • Comfortable working in a startup mode on a new team where there is lots of opportunity.
  • Certifications like GCIA, GSLC, GCIH, CISM, CISSP, CEH, etc. are a plus.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:

Microsoft will accept applications for the role until July 1, 2024.

Responsibilities
  • Respond to and investigate sophisticated threats with information from a wide variety of sources, and ensure similar scenarios are prevented in the future.
  • Perform forensic investigation on suspected compromised assets and analyze log data to determine what occurred.
  • Collaborate with the team to create adversary eviction and incident remediation plans.
  • Analyze and improve situational awareness, monitoring coverage, and incident response capabilities.
  • Investigate, analyze and eradicate threats proactively.
  • Design, develop, and deliver tooling to assist the investigative process.
  • Create technical documentation for other analysts and other teams to follow.
  • Embody our