Security Researcher, Microsoft Threat Intelligence Centre

at  Microsoft

Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.
The Microsoft Threat Intelligence Center (MSTIC) have unique optics into end-to-end attacks and how different stages manifest across our telemetry: we join the dots and show the art of the possible. The Threat Intelligence Research team research and develop new capability to detect attacks and threat actors through novel correlation and analysis ideas. We automate the generation of Threat Intelligence, and then achieve global impact by partnering across the company to connect it to our security solutions and defenders
We are looking for an innovative security researcher who can apply their researcher mindset to help our analysts and threat hunters detect and track threats in our telemetry sources, increasing their effectiveness. You will create detections and heuristics that run at scale on our telemetry across multiple services and data sources and apply them at cloud scale. Your work will combine data analysis, security research and rapid prototyping to protect Microsoft and our customers.

REQUIRED QUALIFICATIONS

• Strong quantitative skills (e.g., as demonstrated by your degree course in a quantitative field such as Mathematics, Statistics, Computer Science, Engineering, etc.).
• Curiosity and passion for problem solving; ability to learn new skills quickly and apply them to threat tracking problems in MSTIC.
• Experience applying data-driven inference methods such as statistics, data mining or machine learning to data at scale.
• Strong programming skills in Python or Java/Scala/C#, with understanding of cloud architectures and distributed computing such as Apache Spark.

Preferred Qualifications

• Demonstrable experience in applying a research methodology to telemetry in the security domain to detect and track malicious activity for new and novel threat actor TTPs.
• Track record of prototyping new innovative ideas and seeing them through to production.
• Knowledge of cloud identity TTPs and applying this to threat detection at scale.

Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations

• Work with our threat hunters and analysts to develop novel approaches to tracking and monitoring threat actors that target Microsoft customers.
• Deliver end to end solutions for processing large scale data that originates from users, services, or other automated systems.
• Partner across Microsoft Threat Intelligence to deliver end to end solutions to our products and services.