Senior Security Analyst

Microsoft

Location: Redmond, Washington

Job Type: Full time


The most difficult thing is the decision to act, the rest is merely tenacity.
- Amelia Earhart

The Threat Discovery team in MSTIC is focused on discovering email-borne (socially engineered) threats and tracking the threat actors behind them. We are laser focused on countering adversary-based threats to Microsoft and its customers through the production and dissemination of threat intelligence, proactive hunting and incident response, and the development of new tools and approaches to detect adversary activity. One of the core missions of the team is to track both nation-state and crimeware threat actors abusing Microsoft infrastructure and to improve services so that such attack campaigns are caught sooner.

You will have an opportunity to research and build innovative approaches for detecting and tracking advanced threats and their evolving TTPs. You will work closely with other MSTIC analysts, reverse engineers, O365 defenders and signal teams to investigate threats, proactively hunt for compromise, and develop tooling and data automation.

Responsibilities

  • The threat intelligence lead role is highly cross-functional and provides the autonomy to dive deep, identify trends and permanently solve global abuse and fraud problems
  • You will be responsible for defining and driving the product roadmap from the conception of ideas to their execution
  • Investigate, analyze, and learn from security researchers, attackers, and real incidents to develop durable cloud detection solutions/strategies across the kill chain, or product/OS enhancements
  • You will reverse-engineer scaled attacks and perform tactical and long-term mitigation of ongoing abuse against Microsoft business products through rapid prototyping of investigation workflows and enforcement rules
  • Inform our understanding of emerging threats/abuse patterns to Microsoft's cloud services through the production of strategic and tactical intelligence, and implement it with the appropriate partners
  • You will work effectively as part of a cross-geo team of analysts, security researchers, data scientists and developers to build out our picture of the threat landscape. You will strengthen existing partnerships and build new ones with key organizations to deliver benefit to Microsoft and its customers
  • Provide exemplary leadership in an exceptionally challenging and rewarding environment and influence the organization
  • Hire, mentor and grow security talent within the team and organization

Qualifications

Required Qualifications:

  • 4+ years of experience in the security domain, including both a detailed understanding of attacker techniques and experience tracking the threat actors behind specific campaigns
  • 2+ years of experience in malware analysis, reverse engineering and various sandbox technologies
  • Ability to map attacker techniques to their expected footprint across a range of datasets
  • Track record of taking analyst research ideas to production in partnership with developers
  • Proven ability to collaborate and establish key threat intelligence partnerships to bolster information sharing and defenses
  • Strong understanding of at least one of the following:
    • Network forensics including common protocols and how those are used in adversary operations
    • Analyzing sophisticated malware campaigns used in targeted attacks against large corporate or government entities
    • Analyzing large datasets to identify meaningful signals and patterns that correlate with fraud and abuse

Optional:

  • Network penetration testing and intrusion remediation experience
  • Visualization tools
  • Expertise in cloud networking, cloud application development & cloud APIs

Preferred Qualifications:

  • Expert knowledge of intelligence analysis and reporting using common tools and techniques
  • Expertise tracking APT adversaries, leveraging the Diamond Model to identify and characterize their TTPs, capabilities, infrastructure, and operational campaigns
  • Network penetration testing and intrusion remediation experience
  • Strong data knowledge and the ability to analyze and present complex data visually in a meaningful way
  • Good written and verbal communication skills and an eye for detail
  • Ability to work across geographically separated teams
  • Self-starter and able to deliver under stress, particularly in emergency response situations
  • Innovative thinking to solve hard problems in ways that meet both customer and business goals

#MSFTSecurity

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
