Microsoft Cybersecurity Threat Hunter Forensic Analyst 

United States 

983205621

Required/Minimum Qualifications

• 5+ years experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection
  • OR Master's Degree in Statistics, Mathematics, Computer Science or related field.
• 3+ years of experience with threat actor tactics, techniques, and procedures (TTPs)
• 3+ years of experience with Windows forensics and an understanding of key forensic artifacts (Event Logs, Prefetch, Shimcache, Amcache, ShellBags, etc.)
• 3+ years of experience with Cloud forensics, including identity attack artefacts, lateral movement techniques and knowledge of PaaS, SaaS and IaaS systems such as Azure and Office 365 forensics

Additional or Preferred Qualifications

• 6+ years experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection
  • OR Doctorate in Statistics, Mathematics, Computer Science or related field
• Experience with third-party security products, including but not limited to, Splunk, CrowdStrike Falcon, QRadar, etc.
• Experience with Kusto Query Language (KQL)
• Experience with malware analysis
• Experience with the intelligence cycle, and generating threat intelligence from investigative findings
• Experience performing large scale investigations of advanced adversaries
• Published research (blogs, presentations, etc) on novel threat actor TTPs
• Mentorship of other investigators
• Ability to correlate data and identity outliers in disparate data sources
• Understanding of security products within an IT environment in multiple layers of the security stack (Antivirus, EDR, IDPS, proxy, firewall, VPN, email, etc.)
• Applied knowledge of the MITRE Attack Framework

Technical Delivery

This role will work as part of a collaborative team assisting our customers with:

• Contextualizing and prioritizing findings to put together a comprehensive account and briefing of the events that transpired during a security incident
• Pulling together multiple disparate events to build and communicate a cohesive timeline of activity
• Discovering attacker persistence (if present)
• Determining attacker activity on known compromised systems
• Identifying potential threats – allowing for proactive defence before an actual incident
• Providing recommendations to improve cybersecurity posture going forward
• Performing knowledge transfer to prepare customers to defend against today’s threat landscape

Security threats are constantly evolving, and so must the Microsoft Incident Response team. To that end, this role will involve:

• Researching, analyzing, and summarizing security threats, sharing across the team
• Identifying, conducting, and supporting others in conducting research into critical security areas, such as current attacks, adversary tracking, and academic literature
• Analyzing complex issues using multiple data sources to develop insights and identify security problems and threats. Creating new solutions to mitigate security issues
• Recommending prioritization and validation methods for technical indicators, developing tools to automate analyses
• Leads efforts to clean, structure, and standardize data and data sources; leads data quality efforts to ensure timely and consistent access to data sources

Thought Leadership

This role includes the ability to be at the forefront of Microsoft Security thought leadership by:

• Developing written content for publication on Microsoft blog platforms
• Developing presentations for delivery at internal and external conferences
• Use the unique experiences of Microsoft Incident Response to create unique storytelling moments

Operational Excellence

Must be maintained by:

• Completing operational tasks and readiness with timeliness and accuracy.
• Following Microsoft policies, compliance, and procedures (e.g., Enterprise Services Authorization Policy, Standards of Business Conduct, labor logging, expenses, travel guidelines).
• Leading by example and guiding team members on operational tasks, readiness, and compliance.