CASY-MSCCN Jobs

Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.

We are the Microsoft 365 Defender Experts team, and we are committed to defending Microsoft customers from sophisticated cyber-attacks and adversaries. Our mission is to help protect customers with truly innovative proactive approach, advising on emerging trends, and engaging in valuable partnerships. As the Research organization within Defender Experts, it’s our job to stay one step ahead of malicious adversaries and predict the threats of the future. We work with partners across Microsoft to innovate new approaches for detecting and tracking threats, attacker techniques, their tools and infrastructure. We are always learning. Insatiably curious. We lean into uncertainty, take risks, and learn quickly from our mistakes. We build on each other’s ideas, because we are better together. Together we make a difference to all of our customers, from end-users to Fortune 50 enterprises. Our security products are brought together in the Microsoft 365 Defender (M365D) suite. M365D enables Microsoft’s enterprise customers to detect, investigate, understand, and respond to advanced threats on their networks via a combination of behavioral sensors, security analytics, and threat intelligence. We are looking for a Threat Analyst to join our defender Experts team. In this role you will use deep knowledge of the attacker landscape and rich telemetry from our sensors across wide range of Microsoft security products to respond to the potential adversaries or suspicious activities in the customer environment. Ensuring that no human adversary can operate silently begins with experts harnessing the powerful optics provided by M365D, across the attacker kill-chain, coupled with world-class detections. We’re looking for a skilled Threat Detection Engineer to harness the power of Microsoft’s trillions of security signals to quickly identify and report the latest human adversary behaviors, drive critical context-rich alerts, build new tools and automations in support of detection development objectives, and drive innovations for detecting advanced attacker tradecraft.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Responsibilities

• Responsibilities: Incident Response: Quickly and effectively respond to security incidents, leveraging your expertise in M365 Defender for threat identification and mitigation. Collaborate with cross-functional teams to coordinate incident response efforts, utilizing M365D features for comprehensive security incident handling. Threat Hunting: Proactively search for indicators of compromise (IoCs) and emerging threats within our environment, utilizing M365 Defender's threat hunting capabilities. Develop and execute threat hunting strategies with a strong emphasis on M365D to identify and neutralize potential security risks. Forensics: Conduct digital forensics investigations to analyze and understand the root cause of security incidents, utilizing M365 Defender logs and data. Document findings and prepare comprehensive incident reports for internal and external stakeholders, incorporating insights from M365D analytics. M365 Defender Expertise: Demonstrate in-depth knowledge and hands-on experience with M365 Defender, including Defender for Endpoint, Defender for Office 365, and Defender for Identity. Utilize M365D features for endpoint protection, email security, and identity threat detection. Security Monitoring: Monitor security alerts and events, ensuring timely identification and escalation of potential threats with a focus on M365 Defender's monitoring capabilities. Utilize M365D and other SIEM tools to enhance the organization's security posture. Collaboration and Communication: Work closely with other SOC team members and IT personnel to share threat intelligence and enhance overall security awareness. Communicate effectively with stakeholders, providing clear and concise updates on incident response activities. Foster collaboration with external partners and vendors, ensuring a cohesive and comprehensive approach to cybersecurity.

• This role involves working in a 24x7 shift pattern

Qualifications

• Qualifications: Bachelor's degree in a relevant field or equivalent work experience.

• 3-4 years of experience in a SOC environment, with a focus on incident response, threat hunting, and forensics, specifically leveraging M365 Defender.

• Proficiency in using SIEM tools and other security technologies. Ability to track, analyze, and brief on new and ongoing cyber-attacks with understanding of identity and popular authentication/authorization protocols

• Experience using analysis tools (e.g. file/network/OS monitoring tools and/or debuggers) and knowledge of operating system internals and security mechanisms

• Experience in XDR Technolgies MXDR (e.g. Microsoft Defender for XDR) Experience with reverse engineering, digital forensics (DFIR) or incident response, or machine learning models

• Experience with offensive security including tools such as Metasploit, exploit development, Open Source Intelligence Gathering (OSINT), and designing ways to breach enterprise networks

• Experience with advanced persistent threats and human adversary compromises

• Strong understanding of attacker mindset and ability to apply defensive tactics to protect against it Broad, general familiarity with the threat landscape affecting enterprise customers Good verbal and written communication skills in English Cyber security-based certifications such as CISSP, OSCP, CEH, or GIAC certifications.

• Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations (https://careers.microsoft.com/v2/global/en/accessibility.html) .