Expoint - all jobs in one place

Microsoft Cybersecurity Threat Hunter Forensic Analyst 
New Zealand 
696701238

09.07.2024

Minimum required qualifications

  • 5+ years of relevant work experience
  • In-depth knowledge of digital forensics on the Windows operating system, including the ability to parse and interpret the various artifacts accurately to provide historical context when performing an investigation
  • Equivalent knowledge of Linux, macOS, and memory captures is also desirable
  • Experience acquiring both disk and memory images
  • Experience conducting forensic investigations involving the collection and analysis of data from Microsoft cloud products - including both Microsoft Entra ID and Azure workloads
  • Equivalent knowledge of third-party cloud and identity providers is also desirable
  • In-depth knowledge of enriching investigations with a SIEM solution: which artifacts should be centralized and for how long, how that data is structured within the various SIEM products, and how to query those solutions effectively
  • This includes analysis of data ingested from additional sources such as firewalls, VPNs, and third-party AV and EDR solutions
  • Familiarity with Kusto Query Language or similar database query language for manipulating data
  • Experience with programming/scripting
  • Approaches Threat Hunting with a data-science mindset and is intimately familiar with the different hunting methodologies and their place in the analysis cycle, e.g. IOC Hunting (using known threat intelligence sources to search for indicators), TTP Hunting (searching for common attacker behaviors), and Anomaly Hunting (identifying and investigating outliers across large datasets)
  • Ability to take a risk-based approach when hunting through large datasets, including the ability to generate targeted recommendations based on those findings depending on the overarching incident, and to raise time-sensitive remediation actions when appropriate
  • Extensive experience Threat Hunting in both reactive incident response scenarios (to identify initial access, lateral movement, persistence mechanisms, staging and exfiltration, and impact) and proactive scenarios (to identify opportunities to reduce unnecessary risk, improve overall maturity, or uncover evidence of an undiscovered compromise)
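The three hunting modes named above, shown side by side as an added example (this is not code from the posting or from Microsoft): the same constructed process-creation events are searched by indicator (IOC), by behaviour (TTP), and by statistical outlier (anomaly). The flat event schema, host names, hashes, the "threat intel" feed and the 3.5 robust z-score threshold are all assumptions made for the illustration.

```python
"""Three threat-hunting modes run over the same telemetry.

Added illustration for the hunting methodologies named in the posting; not
Microsoft code. Every record, hash and threshold below is constructed.
"""
from statistics import median

# Constructed process-creation events in a hypothetical flat schema
# (host, parent process, process, command line, image hash, bytes sent).
EVENTS = [
    {"host": "ws01", "parent": "explorer.exe", "proc": "outlook.exe",
     "cmd": "outlook.exe", "sha256": "11" * 32, "bytes_out": 1_200},
    {"host": "ws01", "parent": "outlook.exe", "proc": "powershell.exe",
     "cmd": "powershell.exe -nop -w hidden -enc SQBFAFgA",
     "sha256": "22" * 32, "bytes_out": 900},
    {"host": "ws02", "parent": "explorer.exe", "proc": "chrome.exe",
     "cmd": "chrome.exe", "sha256": "33" * 32, "bytes_out": 1_500},
    {"host": "ws03", "parent": "services.exe", "proc": "svchost.exe",
     "cmd": "svchost.exe -k netsvcs", "sha256": "44" * 32, "bytes_out": 1_100},
    {"host": "ws04", "parent": "explorer.exe", "proc": "updater.exe",
     "cmd": "updater.exe", "sha256": "de" * 32, "bytes_out": 1_300},
    {"host": "ws05", "parent": "explorer.exe", "proc": "7z.exe",
     "cmd": "7z.exe a staging.7z C:\\Finance", "sha256": "55" * 32,
     "bytes_out": 48_000},
]

# Constructed "threat intelligence" feed: one known-bad image hash.
IOC_HASHES = {"de" * 32}

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}
ENCODED_FLAGS = {"-e", "-ec", "-enc", "-encodedcommand"}


def ioc_hunt(events, iocs):
    """IOC hunting: exact match against known indicators.
    Cheap and precise, but defeated by any recompile of the attacker's tool."""
    return [e for e in events if e["sha256"].lower() in iocs]


def ttp_hunt(events):
    """TTP hunting: look for the behaviour rather than the artefact.
    Here: an Office application spawning a script host (macro phishing
    pattern), or an encoded PowerShell command line, regardless of hash."""
    hits = []
    for e in events:
        proc = e["proc"].lower()
        office_child = e["parent"].lower() in OFFICE_APPS and proc in SCRIPT_HOSTS
        tokens = set(e["cmd"].lower().split())
        encoded_ps = proc in {"powershell.exe", "pwsh.exe"} and bool(tokens & ENCODED_FLAGS)
        if office_child or encoded_ps:
            hits.append(e)
    return hits


def anomaly_hunt(events, field="bytes_out", threshold=3.5):
    """Anomaly hunting: flag high outliers with a robust (median/MAD) z-score.
    Median and MAD are used instead of mean/stdev so the outlier cannot inflate
    the baseline it is measured against. Only positive deviations are flagged,
    since the question here is unusually large outbound volume."""
    values = [e[field] for e in events]
    if len(values) < 3:
        return []
    med = median(values)
    mad = median(abs(v - med) for v in values)
    if mad == 0:
        # Zero spread: every deviation would score as infinite. Return no
        # finding rather than flagging everything; widen the window instead.
        return []
    return [e for e, v in zip(events, values) if 0.6745 * (v - med) / mad > threshold]


def run_hunts(events=EVENTS, iocs=IOC_HASHES):
    """Run all three modes and return the hosts each one flags."""
    return {
        "ioc": sorted({e["host"] for e in ioc_hunt(events, iocs)}),
        "ttp": sorted({e["host"] for e in ttp_hunt(events)}),
        "anomaly": sorted({e["host"] for e in anomaly_hunt(events)}),
    }


if __name__ == "__main__":
    for mode, hosts in run_hunts().items():
        print(f"{mode:8s} -> {hosts}")
```

Each mode surfaces a different host from the same six records: the hash match finds ws04, the Office-to-PowerShell parent/child chain finds ws01, and the outbound-volume outlier finds the archive staging on ws05. None of the three would have found all three on its own, which is the reason the posting asks for familiarity with all of them rather than one.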

Additional Qualifications

  • Familiarity with operational management processes that ensure effective tasking among your internal team members when hunting through expansive datasets in a limited window of time
  • Ability to operate effectively in high pressure incident response environments where customers are experiencing a potentially business-ending event and your findings dictate their next steps
  • Ability to communicate complex technical findings effectively to customer representatives at varying levels, from deep and accurate forensic findings shared with security analysts through to communicating the effective impact of your findings at C-suite level
  • Experience working with methods utilized for evidence collection, maintenance of chain of custody and associated documentation, evidence storage and analysis, and evidentiary reporting
  • Experience with some of the following is a distinct advantage:
  • Demonstrated history of working as a threat hunting analyst, engineer and consultant to successfully investigate cases of advanced targeted exploitation or similar interactive hacking cases
  • Proven experience in helping enterprises manage vulnerabilities, measure security and ensure compliance
  • Recognized as a subject matter expert in various security disciplines with a deep understanding of real-world APT tools, tactics, and procedures
  • Cloud SaaS and PaaS experience and an understanding of investigations in those environments (Azure, AWS, Google) and leveraging cloud for investigation scale
  • Solid grasp of common cyber frameworks and models such as the MITRE ATT&CK, Cyber Kill Chain, Diamond Model, Pyramid of Pain, DeTT&CT and modern penetration testing techniques
  • International consulting experience is a plus
  • Eligibility for a government security clearance is a plus.

Ability to meet Microsoft, customer and / or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screening: Microsoft Cloud Background Check. This position will be required to pass the Microsoft Cloud Background Check upon hire / transfer and every two years thereafter.


Responsibilities:

  • Responding to security incidents as threat hunter and digital forensics analyst when our customers are under cyber attack
  • Conduct threat hunting across customers' networks with indicators of compromise, hunting for evidence of a compromise
  • Conduct incident response within various Cloud platforms
  • Identify attacker tools, tactics, and procedures to develop indicators of compromise
  • Identify and investigate intrusions to determine the cause and extent of the breach, by leveraging EDR solutions and threat intelligence sources
  • Conduct host forensics, network forensics, log analysis, and malware analysis in support of incident response investigations
  • Lead end-to-end incident response investigations with Microsoft’s customers
  • Produce comprehensive and accurate oral and written out-briefs and presentations for both technical and executive audiences
  • Effectively communicate and interface with customers, both technically and strategically, from the executive level through to stakeholders and legal counsel
  • Strong analytic, qualitative, and quantitative reasoning skills
  • Excellent time management, writing and communication skills
  • Assisting in the development of pragmatic solutions that achieve business requirements while maintaining an acceptable level of risk.
  • Identifying and recommending solutions that improve or expand Microsoft’s incident response capabilities.
  • Providing security engineering solutions and support during customer-facing incidents, proactively considering the prevention of similar incidents from occurring in the future.
  • Working alongside and mentoring Cybersecurity analysts and engineers to improve security, reduce and quickly address risk.
  • Evaluating the impact of current security trends, advisories, publications, and academic research to Microsoft, cascading learnings as necessary across partner teams
  • Operating and continually improving existing threat hunting, threat and forensic analysis and investigation process, as well as the development of new processes in response to evolving threats and business requirements.
  • Leverage input from Cyber Threat Intelligence (CTI) team, including strategic, operational and tactical intelligence to benefit customer investigations
  • Keeping your knowledge and skills current with the rapidly changing threat landscape.
  • Participating in a follow-the-sun on-call rotation.