Expoint - all jobs in one place

Microsoft Security Operations Engineer 
United States, Puerto Rico 
741862197

21.01.2025

Qualifications

Required/minimum qualifications

  • 1+ year(s) of experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), and operations incident response.
    • OR Bachelor's Degree in Statistics, Mathematics, Computer Science or related field.
  • Write, speak and read fluently in English

Additional or preferred qualifications

  • CISSP, CISA, CISM, SANS, GCIA, GCIH, OSCP, and/or Security+ certification
  • 2+ years of experience in deep data analytics, including for fraud detection and prevention
  • 1+ years of experience in security or compliance analytics or security operations
  • Demonstrated understanding of data management processes and practices, and data quality control
  • Experience with heuristic and machine learning analytical models and risk management methodology
  • Knowledge of Microsoft commercial business programs and operations
  • Knowledge of Microsoft compliance and security practices and processes
  • Ability to write and read fluently in a second language is preferred, including Arabic, Chinese, Spanish, Portuguese, or Russian
  • Azure Fundamentals Certification

Identification and Detection of Control Failures

  • Using existing systems, monitors existing controls (e.g., network, identity, high security) against security requirements and drives resolution or escalates as needed. Finds opportunities to leverage and contribute to the internal Microsoft community.

Automation

  • Implements new automation as directed. Identifies issues with automation and escalates as needed. Executes on direction to evaluate and leverage existing automation where possible. Works with others to identify most valuable investment in automation.

Translate Security Policy and Standards into Effective Controls

  • Upholds controls to enable enforcement of security policies and standards for the service and escalates potential departures from policy and standards appropriately. Learns security policy and standards. Shares learnings with others.

Collaboration

  • Works with internal and external parties as directed to push solutions to the environment to address specific threats.

Customer/Partner Experience

  • Upholds standards for customer and partner experience; escalates issues appropriately for resolution. Advocates for customer needs to drive optimal customer experience. Defines customer and partner requirements, anticipates needs, and measures quality of experience.

Data-Driven Analysis

  • Compiles metrics and key performance indicators (KPIs) and other data sources (e.g., bugs, unhealthy data pipeline) to identify potential issues (e.g., usage patterns, identification anomalies). Understands and uses existing KPIs and metrics to identify potential issues. Identifies patterns of anomalies and behaviors.

Security Incident Response

  • Utilizing guidance and key operating procedures, analyzes specific aspects of attempted or successful efforts to compromise systems security. Escalates findings as appropriate within agreed response times. Develops ability to analyze independently and make recommendations.

Monitoring and Detection

  • Uses monitoring techniques to identify potential or actual intrusions. Analyzes alerts and escalates appropriately. Creates detections based on available data (e.g., Indicators of Compromise [IOC] and Tools Tactics Procedures [TTP]). Continues to drive automation of detection and response.

Red/Purple Team Operations

  • Executes tactical processes across kill chain. Distinguishes effective from ineffective tactics and reports accordingly to inform security posture. Maps tactics to MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) matrix and assesses when targets pass and fail against known techniques.

Threat Intelligence and Analysis

  • Under direction, analyzes trends in threats that inform prioritization for defense-building capabilities.

Other

  • Embody our culture and values