Senior Cyber Threat Researcher

at Microsoft

Dublin, County Dublin, Ireland

Start Date: Immediate
Expiry Date: 19 Jul, 2024
Salary: Not Specified
Posted On: 19 Apr, 2024
Experience: N/A
Skills: Machine Learning, Languages, Spark, SQL, Security Operations, Incident Response, AML, Computer Science, Splunk, Communication Skills, Alternative Education, Python, R, Research
Telecommute: No
Sponsor Visa: No

Description:

Are you passionate about cybersecurity? Have you spent your days investigating and/or researching security incidents and uncovering malicious behavior? Are you an analyst skilled with the many tools and creative approaches used to hunt attackers? Are you a hunter at heart with an engineering mentality who automates to avoid doing the same thing twice?
The Microsoft Security Response Center (MSRC), as part of the Cloud Security Operations Center team, is looking for a seasoned Security Researcher to work as a Cyber Hunt Analyst in the Cyber Defense Operations Center (CDOC). As part of this dynamic and high-impact team, you will have the opportunity to seek out adversary tactics, techniques, and procedures (TTPs) in our environment using advanced security technologies combined with your own creative hunting methodologies.
In this role, you will focus on developing and executing threat hunting operations to discover adversary activities that are not detected through traditional detection capabilities. You will be able to leverage first-class security partners and threat intelligence teams to derive and hunt on known indicators of compromise, as well as develop strategies for discovering new techniques used by adversaries.
For greatest impact, you will develop and automate your hunt methodologies and findings to operationalize the capability across the Security Operations Center (SOC). Extending beyond the traditional blue team role, you will engage red teams and participate in purple team exercises that will build your perspective of the adversarial mindset as well as identify new techniques that need to be hunted. Finally, you will play a critical role in improving monitoring and response to major incidents affecting the enterprise.

QUALIFICATIONS

  • Bachelor’s degree in Computer Science or Engineering, or a related field, or equivalent alternative education, skills, and/or practical experience.
  • Experienced in security operations, threat hunting and analysis, pen testing, vulnerability research, and/or digital forensics and incident response
  • Extensive experience working with large data sets to answer complex and ambiguous questions, using tools and languages like SQL, KQL, Azure Data Explorer, Azure Data Lake, Azure Machine Learning (AML), Jupyter Notebooks, Spark, Azure Synapse, R, U-SQL, Python, ELK stack, or Splunk.
  • Must have strong verbal and written communication skills; ability to communicate effectively with internal and external business partners as well as technical and non-technical staff
  • Good knowledge of the kill-chain model, ATT&CK framework, diamond model, and modern red team techniques
  • Demonstrated knowledge of common and emerging attack techniques.
  • Demonstrated enthusiasm for learning new things and ability to pick up new ideas quickly.
  • Participate in current operations shifts, on-call rotation, and focus area rotations

OTHER QUALIFICATIONS:

  • Ability to work effectively in ambiguous situations and respond favorably to change
  • Experience correlating across very large and diverse datasets (Azure Data Lake, Azure Data Explorer, Cosmos DB).
  • Experience developing on Azure PaaS technologies such as Functions (and Durable Functions), Storage (blob, table, queues) and Logic Apps, and ability to rapidly automate data handling and data curation using PowerShell, Python, Azure Data Factory, and various Azure-based tools.
  • Hands-on experience building Azure-based services with Azure Resource Manager (ARM), ARM templates, ARM policy, IaaS, VMSS, KeyVault, EventHub, Azure Active Directory (AAD) / Microsoft Entra, etc.
  • Experience working in large-scale enterprise products: M365 products such as Exchange, SharePoint, Skype, Teams, or Power Platform.
  • Experience in analyzing a wide variety of network and host security logs to detect and resolve security issues
  • Deep and practical OS security/internals knowledge
  • Background in malware analysis, vulnerability research or attack simulation
  • Reverse Engineering skills: familiar with debuggers, disassemblers, network protocols, file formats, sandboxes, hardware/firmware internals, software communication mechanisms
  • Experience performing development and code debugging with functional or object-oriented programming such as .NET or Java; hands-on experience with Continuous Integration/Continuous Delivery (CI/CD), Azure DevOps and Agile Scrum.
  • Experience working within a diverse organization to gain support for your ideas; seeks to leverage the work of others to increase effectiveness.
  • Ability to effectively multi-task and prioritize in a fast-paced environment
  • Demonstrates maturity and leadership qualities when dealing with conflicting views and difficult conversations
  • Industry recognized author of security research papers, blogs, or books
  • Good working knowledge of common security protocols such as various forms of encryption, PKI, modern authentication, and cloud app authorization architectures and protocols such as SAML or OAuth.
  • Certifications like GCIA, GSLC, GCIH, CISM, CISSP, CEH, etc. are a plus.

Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations

Responsibilities:

  • Develop, document, and execute threat hunting research with internal teams to identify adversaries and their behaviors, including new/emerging tactics.
  • Conduct research that yields new insights, theories, analyses, data, algorithms, and prototypes that advance the state of the art of controls, detections, monitoring, and investigation/hunting capabilities, or that leads to improvements in the protection capabilities of our products and services.
  • Develop robust detection and mitigation strategies by studying security researchers, attackers, and real incidents. Identify attack paths from kill chains for relevance and long-term effectiveness.
  • Innovate processes, create strategies, develop automation or tools and work with partner teams to promote efficiency for hunters and investigators.
  • Document and communicate hunt methodologies, findings, and outcomes, and aid in the development of metrics and KPIs for existing projects to monitor progress. This includes reports to varying levels of management.
  • Identify and collaborate on the response to advanced threats, actor techniques, and anomalous or suspicious activity, combined with intelligence, to identify potential and active risks to systems and data, or major incidents affecting the enterprise and cloud infrastructure.


REQUIREMENT SUMMARY

Min: N/A
Max: 5.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Software Engineering

Graduate

Computer science or engineering or a related field or equivalent alternative education skills and/or practical experience

Proficient

1

Dublin, County Dublin, Ireland