Security Analyst – Security Service Line

Microsoft (Posted 10 Jan 22)

Do you have a passion for helping Microsoft’s clients defend themselves against targeted exploitation? Are you interested in being intimately involved in the latest, cutting-edge developments in the security industry and having a direct impact on the security of all Microsoft customers? Do you want to be on the front lines of helping our customers go toe-to-toe against advanced adversaries? Are you interested in a fast-paced job full of new opportunities? If so, you might be a candidate for the Microsoft Detection and Response Team (DART) within our Security Service Line (SSL) organization. The team is looking for strong, experienced Incident Response Analysts to join the team investigating advanced cyber-attacks against our worldwide commercial and public-sector enterprise customers as part of our end-to-end security service line.

Microsoft is on a mission to empower every person and every organization on the planet to achieve more. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. You can help us achieve our mission.

Industry Solutions helps Microsoft customers around the world get the best outcomes from their investments in the latest Microsoft cloud technologies. We focus on empowering customers on their digital journey, from envisioning new possibilities to delivering solutions that result in targeted business outcomes and a great customer experience.

Responsibilities:

  • Monitor customers via the Microsoft Security Stack and provide an advanced detection and response service through security event analysis and review

  • Perform live response data collection and analysis on files of interest

  • Perform triage and collect data on relevant events

  • Determine and validate findings and conclusions

  • Perform incident response and basic malware analysis to investigate incidents

  • Help navigate the customer from incident response triage into the incident response process if findings are substantiated

  • Resolve false positives and communicate effectively with other stakeholders

  • Maintain current knowledge of tools and best practices in forensics and incident response, and an understanding of advanced persistent threats, including the tools, techniques, and procedures of attackers

  • Collaborate with other Microsoft incident responders, security intelligence groups, and product groups to provide feedback on detection gaps and features to improve customer security posture.

If you are looking for a role that will allow you to use your knowledge and passion to strengthen the security posture of customers, you will have a bright future within Microsoft’s Detection and Response Team (DART). #DART

Other:

  • On-call work will likely be required as is demanded by the needs of our customers and our business. Position location is flexible.

  • Embody our culture and values

Required Qualifications:

  • Bachelor's Degree in Computer Science, Engineering or comparable 5+ years’ experience in the security field

    • Or equivalent experience

Preferred Qualifications:

  • Experience with incident response management and case triage

  • Experience with reviewing and analyzing data logs from various security platforms, Microsoft Security Stack preferred (Defender for Endpoint, Defender for Identity, Sentinel)

  • Excellent understanding of Windows internals and where trace evidence can be found

  • Understanding of forensic artifacts

  • Experience with the following is highly preferred:

    • Active Directory

    • Incident Response or other relevant security analyst related experience

    • APT actor group evidence handling

    • Familiarity with Indicators of Compromise (IOCs), Indicators of Activity (IOAs), and attack Tools, Techniques, and Procedures (TTPs)

    • Familiarity and understanding of basic SQL or KQL queries

    • Microsoft Azure and/or Office 365 platform knowledge and experience

    • Understanding of technology and security principles, and knowledge of the cyber threat landscape

    • Experience navigating and working with a case management system

Source: https://careers.microsoft.com/us/en/job/1223583/Security-Analyst-Security-Service-Line