Required/Minimum Qualifications:
- 5+ years of experience in the software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security information and event management (SIEM), information technology (IT), and operations incident response
- OR a Bachelor's Degree in Statistics, Mathematics, Computer Science, or a related field.
- 5+ years of experience in information security incident handling and/or security operations.
- Experience triaging security vulnerabilities and driving product and/or service response.
Other Requirements:
Ability to meet Microsoft, customer, and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:
Microsoft Cloud Background Check. This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
This position requires verification of citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, and as a condition of employment, the successful candidate’s citizenship will be verified with a valid passport.
Preferred/Additional Qualifications:
- Experience working in a high pressure environment while maintaining focus and a professional approach.
- Experience communicating complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative, and actionable manner.
- Experience with large-scale and complex incidents of all types, including APT (Advanced Persistent Threat), DDoS (Distributed Denial of Service), malicious insider, web and mobile application, and data exfiltration incidents.
- Foundational knowledge of software engineering and/or cloud technologies, including cloud services, hardware, networking, architecture, protocols, file systems, and operating systems.
- Understanding of various attack vectors, threat tactics, and attacker techniques, including APTs, malware, DDoS, exploits, etc.
- Desire to work in a continuous-learning environment where responsibilities are matrixed across various peer teams, and where new challenges arrive each day that need to be solved with innovative thinking.
- Understanding of Advanced Persistent Threat (APT) actors and their associated tactics, targeted attacks, various credential compromise techniques, etc.
- Familiarity with attack and detection frameworks such as MITRE ATT&CK, the Diamond Model, etc.
- Ability to work effectively in ambiguous situations and respond favorably to change.
- Knowledge of detection technologies and methodologies.
- Deep and practical knowledge of OS (Operating System) security and internals.
- Experience working on security investigations in cloud services, and an understanding of the nuances of supporting cloud service investigations versus host/endpoint-based ones.
- Experience dealing with big data problems, and excellent data analytics skills with a focus on security.
- Excellent interpersonal skills.
- Good knowledge of the kill-chain model, the ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework, and modern red team tactics and techniques.
- You will be working closely with other product group engineers across Microsoft, as well as customer engineers and system administrators, so effective communication skills and situational awareness are needed.
- Certifications including, but not limited to, any of the following are a plus: GCIA, GSLC, GCIH, CISM, CISSP, CEH, etc.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: