Are you excited about cyber security?
Are you passionate about protecting customer data?
Are you eager to catch threat actors, research their TTPs and write detections that process massive datasets efficiently?
Are you interested in solving problems using distributed computing, hybrid architectures and cloud technologies?
If so, the M365 Security Engineering team at Microsoft has a great opportunity for you. We are looking for candidates to work on solutions that protect Microsoft services against cyberattacks. We are a team that values diversity on multiple fronts and believes in deep collaboration that brings out the best side of technology. Our team consists of engineers with expertise in large-scale software systems, security analysis, and machine learning. We delight in digging deep to analyse the billions of events and terabytes of data generated each day by all Microsoft products and services (e.g., M365, Azure) for evidence of suspicious activities, and in building detections on that data. We ensure that critical security components are present throughout the infrastructure powering these services and that these components are kept up to date.
- Conduct in-depth research and analysis of emerging tactics, techniques and procedures (TTPs) targeting M365 systems, and emulate attacks in a controlled environment.
- Design, implement and collaborate with internal teams on emulating those attacks, and build advanced detections to identify malicious activities within massive, distributed datasets.
- Collaborate closely with software engineers, machine learning specialists, and security analysts to build robust, scalable security solutions for M365 services.
- Develop automation tools, enrichments and processes to streamline research ideas, detection, and incident response workflows.
- Apply insights from penetration testing to develop detections, and collaborate with peer teams to create automated, tailored scenarios for evaluating detection performance.
- Ensure an optimal signal-to-noise ratio by performing regular analyses of hit ratios, conducting tuning checks to confirm that detections are effective, and minimizing unnecessary noise or false positives within the triage queue.
- Experience with detection metric dashboards and KPIs used for any new research items and detection effectiveness.
- Use engineering best practices throughout the software development lifecycle to establish maintainable, reliable, and secure systems.
- Collaborate with teammates in various roles to plan and execute on key deliverables.
Required Qualifications:
- 5 to 7 years of technical experience in cyber security research, including proficiency with tools such as SQL, KQL, Scala, Python, Jupyter Notebook, Spark, R, U-SQL, and Power BI. Experience automating repeatable security tasks through scripts or logic apps.
- Experience with security monitoring and response, including use of MITRE or other attack frameworks to identify and address gaps in detection capabilities. Knowledge of the detection response lifecycle and participation in on-call rotations. Skills in reverse-engineering attacks, analysing and prototyping detections to prevent and mitigate threats and abuse. Ability to analyse data flow within environments for detection and protection purposes.
- Practical experience applying knowledge to detect threats using log data from Cloud Service Provider (CSP) environments, such as Azure AAD, Azure Resources, event logs, and firewalls. Experienced in building and analysing new TTPs and creating detections.
Preferred Qualifications:
An exceptionally well-qualified candidate will meet one or more of the following criteria:
- Bachelor's degree in a related discipline such as computer security, computer science, computer engineering or information technology.
- Deep understanding of adversary and cyber intel frameworks such as the kill-chain model, ATT&CK framework, Diamond Model and Advanced Persistent Threat (APT), performing detection and research within cloud environments.
- Deep and practical OS security/internals knowledge for Linux and Windows.
- Hands-on experience building Azure-based services with Azure Resource Manager (ARM), ARM templates, ARM policy, IaaS, VMSS, KeyVault, EventHub, Azure Active Directory (AAD), etc.
- Hands-on experience with developer environment tools like Continuous Integration/Continuous Delivery (CI/CD), Azure DevOps, GitHub, and Agile Scrum.
- Ability to work effectively in ambiguous situations and respond favourably to change.
- Self-motivated and comfortable working in a startup mode on a new team where there is lots of opportunity.
- Certifications like GCIA, GSLC, GCIH, CISM, CISSP, CEH, etc. are a plus.
Background Check Requirements:
Applicants must have the ability to meet Microsoft, customer, and/or government security screening requirements required for this role. These requirements include, but are not limited to, the following:
Microsoft Cloud Background Check: The successful candidate is required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.