Cybersecurity Incident Response Engineer, Threat Hunting and Forensics Analyst

at Microsoft

United States, USA

Start Date: Immediate
Expiry Date: 10 Jul, 2024
Salary: USD 94300 Annual
Posted On: 11 Apr, 2024
Experience: 1 year(s) or above
Skills: Technology, Network Forensics, Malware Analysis, Firewalls, EDR, Computer Science, Linux, Evidence Collection, macOS, VOCs, Base Pay, Indicators, Log Analysis, Maintenance, Partnerships, Microsoft, Digital Forensics, Software Engineers
Telecommute: No
Sponsor Visa: No

Description:

With over 18,000 employees worldwide, the Microsoft Customer Experience & Success (CE&S) organization is responsible for the strategy, design, and implementation of Microsoft’s end-to-end customer experience. Come join CE&S and help us build a future where customers come to us not only because we provide industry-leading products and services, but also because we provide a differentiated and connected customer experience.
The Microsoft Detection and Response Team (DART) is looking for a Cybersecurity Incident Response Engineer, Threat Hunter and Forensic Analyst to join their collaborative team. This position is a vital individual contributor role on the DART team, taking the lead in threat hunting and forensics in the delivery of cybersecurity investigations for our customers. You will work in a fast-paced, intellectually intense, service-oriented environment where collaboration and speed are key to our investigations.
The role is flexible in that you can work up to 100% from home; however, short-notice travel to work onsite alongside customers will likely be 40% or higher, as demanded by the needs of our customers and business. This position may require you to work a rotational on-call schedule, evenings, weekends or holiday shifts. Though schedule changes are not frequent, you will need to have flexibility to accommodate changes as needed.
Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

RELATIONSHIP/EXPERIENCE MANAGEMENT

  • Collaborates with the relevant product and business groups on how customers use the product. Understands and identifies gaps in customer scenarios and product limitations. Provides details to the product and business groups on customer product experience and usage. With minimal supervision, acts as a voice of customers (VOCs) to inform product and business groups on customer product experience and usage.
  • With minimal guidance, partners with other teams (e.g., program managers, software engineers, product, customer service support [CSS] teams) to review, unblock, and resolve customer incidents/issues. Collaborates with internal partner teams to support delivery of solutions back to the customers. Informs stakeholders on customer progression including issues. Independently starts to build partnerships with internal technical teams to update the troubleshooting resources. With minimal guidance, works with the relevant product and business groups to resolve customer issues.

REQUIRED/MINIMUM QUALIFICATIONS

  • Bachelor’s Degree in Engineering, Computer Science, or related field AND 2+ years of software industry experience related to technology
  • OR equivalent experience.

OTHER REQUIREMENTS

  • Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

ADDITIONAL OR PREFERRED QUALIFICATIONS

  • Bachelor’s Degree in Engineering, Computer Science, or related field AND 5+ years software industry experience related to technology
  • OR equivalent experience.
  • 1+ year(s) customer facing experience.
  • Threat Hunting in reactive incident response scenarios to identify initial access, lateral movement, persistence mechanisms, staging and exfiltration, and impact, and proactive scenarios to identify opportunities to reduce unnecessary risk, improve overall maturity, or evidence of an undiscovered compromise.
  • Threat hunting across networks, various cloud platforms and endpoints with indicators of compromise, hunting for evidence of a compromise.
  • Identify attacker tools, tactics, and procedures to develop indicators of compromise.
  • Identify and investigate intrusions to determine the cause and extent of the breach.
  • Conduct host forensics, network forensics, log analysis, and malware analysis in support of incident response investigations.
  • In-depth knowledge of digital forensics in relation to the Windows operating system, including the ability to parse and interpret various artifacts accurately to provide historical context when performing an investigation. Equivalent knowledge in Linux, macOS, and memory captures also desirable.
  • Experience conducting forensic investigations involving the collection and analysis of data from Microsoft cloud products. Equivalent knowledge in third-party Cloud and identity providers also desirable.
  • Experience acquiring both disk and memory images.
  • In-depth knowledge of enriching investigations utilizing a SIEM solution.
  • Experience with the analysis of data ingested from additional sources such as firewalls, VPNs, and third-party AV and EDR solutions.
  • Programming/scripting and a database query language for manipulating data.
  • Experience working with methods utilized for evidence collection, maintenance of chain of custody and associated documentation, evidence storage and analysis, and evidentiary reporting.
Customer Experience Engineering IC3 - The typical base pay range for this role across the U.S. is USD $94,300 - $182,600 per year.
There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $120,900 - $198,600 per year.
Customer Experience Engineering IC4 - The typical base pay range for this role across the U.S. is USD $112,000 - $218,400 per year.
There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $145,800 - $238,600 per year.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay
Microsoft will accept applications and process offers for these roles on an ongoing basis.

Responsibilities:


REQUIREMENT SUMMARY

Min: 1.0, Max: 5.0 year(s)

Outsourcing/Offshoring

IT Software - Other

Customer Service

Graduate

Software industry experience related to technology

Proficient

1

United States, USA