Are you interested in discovering and tracking emerging threats, and using that information to deliver detection to Microsoft and its customers? Are you passionate about advanced threat hunting? Do you enjoy partnering, collaborating, and driving work with different security & engineering teams to keep the company safe?  Do you like reversing malwares? We’ll give you malware to analyze. Love coding? There’s plenty to write. Are you a data buff? Come join us in Microsoft Threat Intelligence Center (MSTIC).

We are looking for a leader to help us harness the power of Microsoft’s trillions of security signals to quickly identify and report the latest human adversary behaviors, drive critical context-rich alerts, build new tools and automations in support of hunting objectives, and drive innovations for detecting advanced attacker tradecraft. As part of our dynamic threat intelligence team, you will have an opportunity to research and build innovative approaches for detecting and tracking advanced threats and developing TTPs. You will work closely with other MSTIC leaders, reverse engineers, and signal teams to investigate threats, proactively hunt for compromise, and develop tooling and data automation. 

Responsibilities

• The Threat intelligence lead role is highly cross-functional and provides autonomy to dive deep, identify trends and permanently solve global abuse and fraud problems
• You will be responsible for defining and driving the product roadmap from conception of ideas to its execution
• You will lead a diverse research team of security analysts and threat intelligence researchers to define and execute short-term and long-term protection strategy in collaboration with our product partners and stakeholders across the Microsoft
• Investigate, analyze, and learn from security researchers, attackers, and real incidents to develop durable cloud detection solution/strategies across the kill-chain or product/OS enhancements
• You will reverse-engineer scaled attacks and perform tactical/long term mitigation of ongoing abuse against Microsoft business products through rapid prototyping of investigations workflows and enforcement rules
• Inform our understanding of emerging threats/abuse patterns to Microsoft's cloud services through the production of strategic and tactical intelligence, and implement it with the appropriate partners
• You will work effectively as part of a cross-geo team of analysts, security researchers, data scientists and developers to build out our picture of the threat landscape. You will strengthen existing partnerships and build new ones with key organizations to deliver benefit to Microsoft and its customers
• Provide exemplary leadership in an exceptionally challenging and rewarding environment and influence the organization

Hire, mentor and grow security talent within the team and organization

Qualifications

Required Qualifications: These are REQUIRED qualifications. Candidates will be dispositioned out if they do not have these qualifications. These MUST be quantifiable.

• 7+ years of experience in the security domain, including both detailed understanding of attacker techniques and tracking the threat actors behind specific campaigns.  
  

• 4+ years of people management experience, or relevant experience demonstrating readiness to step up into a people management role.
  

• 2+ years of hands-on experience in Malware Analysis, Reverse Engineering and various sandbox technologies
  

• Public track record of relevant security research, especially around threat actor tracking
  
  

Preferred Qualifications:

• Proven ability to collaborate and establish key threat intelligence partnerships to bolster information sharing and defenses

• Expertise tracking APT adversaries leveraging the Diamond Model to identify and characterize various TTPs, capabilities, infrastructure, and operational campaigns
  

• Knowledge of major cloud and productivity platforms, identity systems to map attacker technique to expected footprint in range of datasets  
  

• Experienced with curation of Threat Intelligence and delivering customer briefings and use data to “tell a story”
  

• Collaborate with other security teams across Microsoft to design and develop new security mitigations and defenses, with a focus on strategy and scalability
  

• Expert knowledge in intelligence analysis and reporting using common tools and techniques
  

• Experience with data analysis and cyber threat investigations in Azure
  

• Network penetration testing and intrusion remediation experience.   
  

• Have strong data knowledge, and ability to analyze and present complex data visually in a meaningful way
  

• Good written and verbal communication skills and an eye for detail.
  

• Ability to lead analysts across geographically separated teams
  

• Self-starter and able to deliver under stress, particularly in emergency response situations
  

• Innovative thinking to solve hard problems in ways that meet both customer and business goals
  
  Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include but are not limited to the following specialized security screenings:

Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

#AzureSecOpen

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

#SCIMjobs