Job Information
Microsoft Corporation Cybersecurity Threat Hunter and Forensic Analyst in Multiple Locations, New Zealand
Why Microsoft
With over 18,000 employees worldwide, the Microsoft Customer Experience & Success (CE&S) organization is responsible for the strategy, design, and implementation of Microsoft’s end-to-end customer experience. Come join CE&S and help us build a future where customers come to us not only because we provide industry-leading products and services, but also because we provide a differentiated and connected customer experience.
The Global Customer Success (GCS) organization is leading the effort to create the desired customer experience through support offer creation, driving digital transformation across our tools, and delivering operational excellence across CE&S.
This role is flexible in that you can work up to 100% from home.
Responsibilities
The purpose of this role
The Microsoft Detection and Response Team (DART) is hiring a Cybersecurity Threat Hunter and Forensic Analyst. This is a vital individual-contributor role on the DART team, taking the lead on threat hunting and forensics in the delivery of cybersecurity investigations for our customers. You will work in a fast-paced, intellectually intense, service-oriented environment where collaboration and speed are key to our investigations.
Responsibilities:
Respond to security incidents as threat hunter and digital forensics analyst when our customers are under cyber attack
Conduct threat hunting across customers’ networks using indicators of compromise, looking for evidence of a compromise
Conduct incident response within various cloud platforms
Identify attacker tools, tactics, and procedures to develop indicators of compromise
Identify and investigate intrusions to determine the cause and extent of the breach, leveraging EDR solutions and threat intelligence sources
Conduct host forensics, network forensics, log analysis, and malware analysis in support of incident response investigations
Lead end-to-end incident response investigations with Microsoft’s customers
Produce comprehensive and accurate oral and written out-briefs and presentations for both technical and executive audiences
Communicate and interface effectively with customers, both technically and strategically, from executive leadership through to technical stakeholders and legal counsel
Apply strong analytic, qualitative, and quantitative reasoning skills
Apply excellent time management, writing and communication skills
Assist in the development of pragmatic solutions that achieve business requirements while maintaining an acceptable level of risk
Identify and recommend solutions that improve or expand Microsoft’s incident response capabilities
Provide security engineering solutions and support during customer-facing incidents, proactively considering how to prevent similar incidents from occurring in the future
Work alongside and mentor cybersecurity analysts and engineers to improve security and to reduce and quickly address risk
Evaluate the impact of current security trends, advisories, publications, and academic research on Microsoft, cascading learnings as necessary across partner teams
Operate and continually improve existing threat hunting, threat and forensic analysis, and investigation processes, and develop new processes in response to evolving threats and business requirements
Leverage input from the Cyber Threat Intelligence (CTI) team, including strategic, operational and tactical intelligence, to benefit customer investigations
Keep your knowledge and skills current with the rapidly changing threat landscape
Participate in a follow-the-sun on-call rotation
Short-notice travel will likely be 40% or higher, as demanded by the needs of our customers and our business. This is a global position. Off-time-zone hours and weekend work are highly likely. Position location is flexible.
Qualifications
What skills do you need to have?
There will be many opportunities for you to learn and grow into this role and Microsoft.
Minimum required qualifications
5+ years of relevant work experience
In-depth knowledge of digital forensics in relation to the Windows operating system, including the ability to parse and interpret various artifacts accurately to provide historical context when performing an investigation
Equivalent knowledge of Linux and macOS forensics, and of memory captures, is also desirable
Experience acquiring both disk and memory images
Experience conducting forensic investigations involving the collection and analysis of data from Microsoft cloud products - including both Microsoft Entra ID and Azure workloads
Equivalent knowledge of third-party cloud and identity providers is also desirable
In-depth knowledge of enriching investigations utilizing a SIEM solution: from understanding which artifacts should be centralized and for how long, to how that data is structured within various SIEM products and how to query those solutions effectively, including the analysis of data ingested from additional sources such as firewalls, VPNs, and third-party AV and EDR solutions
Familiarity with Kusto Query Language (KQL) or a similar query language for manipulating data
Experience with programming/scripting
Approaches threat hunting with a data-science-focused mindset and is intimately familiar with the different hunting methodologies and their place within the analysis cycle: leveraging known threat intelligence sources to perform IOC hunting; hunting for common attacker behaviours with TTP hunting; and identifying and investigating outliers across large datasets with anomaly hunting
Ability to take a risk-based approach when hunting through large datasets, including the ability to generate targeted recommendations based on those findings depending on the overarching incident, and to raise time-sensitive remediation actions when appropriate
Extensive experience threat hunting in both reactive incident response scenarios (identifying initial access, lateral movement, persistence mechanisms, staging and exfiltration, and impact) and proactive scenarios (identifying opportunities to reduce unnecessary risk, improve overall maturity, or surface evidence of an undiscovered compromise)
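The three hunting methodologies named above differ in what they match on and in how easily an attacker slips past them. The following added example (not Microsoft or DART tooling, written here to illustrate the distinction) runs all three over one small constructed set of EDR process-creation and Entra ID sign-in events: IOC hunting matches atomic indicators from a hypothetical CTI feed, TTP hunting matches behaviour such as an Office application spawning an encoded PowerShell command, and anomaly hunting stacks parent/child process pairs across hosts to surface rare combinations. Field names, hashes and IP addresses are all assumptions made for the example.

```python
"""IOC, TTP and anomaly hunting over one constructed event set (added example)."""
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed telemetry, not real customer data: EDR process-creation events
# and Entra ID sign-in events flattened into one dict shape. Hashes are
# shortened placeholders and IPs come from documentation ranges.
EVENTS = [
    {"kind": "process", "host": "WS01", "user": "alice", "parent": "explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c dir", "sha256": "aa11"},
    {"kind": "process", "host": "WS01", "user": "alice", "parent": "explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": "WINWORD.EXE", "sha256": "bb22"},
    {"kind": "process", "host": "WS02", "user": "bob", "parent": "WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4A", "sha256": "cc33"},
    {"kind": "process", "host": "WS02", "user": "bob", "parent": "powershell.exe",
     "image": r"C:\Users\Public\svchost.exe", "cmdline": "svchost.exe",
     "sha256": "c0ffee0badfood01"},
    {"kind": "process", "host": "WS03", "user": "carol", "parent": "explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c ipconfig", "sha256": "aa11"},
    {"kind": "signin", "user": "alice", "ip": "203.0.113.10", "result": "Success"},
    {"kind": "signin", "user": "bob", "ip": "198.51.100.7", "result": "Success"},
    {"kind": "signin", "user": "carol", "ip": "203.0.113.10", "result": "Success"},
]

# Hypothetical CTI feed: atomic indicators tied to a tracked campaign.
IOCS = {"sha256": {"c0ffee0badfood01"}, "ip": {"198.51.100.7"}}


def _image_name(ev):
    return PureWindowsPath(ev["image"]).name.lower()


def ioc_hunt(events, iocs):
    """IOC hunting: exact match on atomic indicators. Precise and cheap, but
    evaded as soon as the attacker rotates infrastructure or rebuilds a tool."""
    return [(i, field, ev[field]) for i, ev in enumerate(events)
            for field, values in iocs.items() if ev.get(field) in values]


OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe"}
USER_WRITABLE = ("c:\\users\\public\\", "\\appdata\\local\\temp\\")

# TTP rules describe behaviour rather than a specific sample (ATT&CK
# T1059.001 PowerShell, T1036.005 match legitimate name or location).
TTP_RULES = [
    ("office_spawns_script_host",
     lambda ev: ev["parent"].lower() in OFFICE_APPS and _image_name(ev) in SCRIPT_HOSTS),
    ("encoded_powershell",
     lambda ev: _image_name(ev) == "powershell.exe"
     and any(t.lower() in {"-enc", "-encodedcommand"} for t in ev["cmdline"].split())),
    ("exec_from_user_writable_path",
     lambda ev: any(p in ev["image"].lower() for p in USER_WRITABLE)),
    ("system_binary_outside_windows",
     lambda ev: _image_name(ev) in SYSTEM_BINARIES
     and not ev["image"].lower().startswith("c:\\windows\\")),
]


def ttp_hunt(events):
    """TTP hunting: match attacker behaviour independent of hashes or IPs."""
    return [(i, name) for i, ev in enumerate(events) if ev["kind"] == "process"
            for name, rule in TTP_RULES if rule(ev)]


def anomaly_hunt(events, max_hosts=1):
    """Anomaly hunting by stacking: count the hosts on which each parent->child
    pair occurs; pairs seen on at most max_hosts hosts are leads to triage,
    not verdicts (a rare but benign pair is flagged too)."""
    hosts = defaultdict(set)
    for ev in events:
        if ev["kind"] == "process":
            hosts[(ev["parent"].lower(), _image_name(ev))].add(ev["host"])
    return {pair for pair, seen in hosts.items() if len(seen) <= max_hosts}


def hunt(events, iocs):
    return {"ioc": ioc_hunt(events, iocs), "ttp": ttp_hunt(events),
            "anomaly": sorted(anomaly_hunt(events))}


if __name__ == "__main__":
    for method, findings in hunt(EVENTS, IOCS).items():
        print(method, findings)
```

Run as written, the IOC pass finds only the two events carrying known indicators, the TTP pass catches the Word-to-PowerShell chain and the renamed binary under C:\Users\Public even though neither hash is in the feed, and the stacking pass returns three rare pairs, one of which (explorer.exe starting Word) is benign and illustrates why anomaly findings are triaged with the risk-based lens the next qualification describes rather than raised as remediation actions on their own.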
Additional Qualifications
Familiarity with operational management processes that ensure effective tasking among your internal team members when hunting through expansive datasets in a limited window of time
Ability to operate effectively in high pressure incident response environments where customers are experiencing a potentially business-ending event and your findings dictate their next steps
Ability to communicate complex and technical findings effectively to customer representatives of varying levels: from deep and accurate forensic findings being shared with security analysts, through to communicating the effective impact of your findings at C-suite level
Experience working with methods utilized for evidence collection, maintenance of chain of custody and associated documentation, evidence storage and analysis, and evidentiary reporting
Experience with some of the following is a distinct advantage:
Demonstrated history of working as a threat hunting analyst, engineer and consultant to successfully investigate cases of advanced targeted exploitation or similar interactive hacking cases
Proven experience in helping enterprises manage vulnerabilities, measure security and ensure compliance
Recognized as a subject matter expert in various security disciplines with a deep understanding of real-world APT tools, tactics, and procedures
Cloud SaaS and PaaS experience and an understanding of investigations in those environments (Azure, AWS, Google) and leveraging cloud for investigation scale
Solid grasp of common cyber frameworks and models such as the MITRE ATT&CK, Cyber Kill Chain, Diamond Model, Pyramid of Pain, DeTT&CT and modern penetration testing techniques
International consulting experience is a plus
Eligibility for a government security clearance is a plus.
Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud Background Check upon hire/transfer and every two years thereafter.
Microsoft believes that by investing in our people and creating an inclusive environment, our team will do their best work. See our complete list of benefits and why we are recognised as an Endorsed Employer for Women by WORK180. Microsoft Benefits | WORK180 Endorsed Employer (https://work180.com/en-au/for-women/employer/microsoft/benefits)
Our mission is deeply inclusive. Inside Microsoft | Global Diversity and Inclusion at Microsoft (https://www.microsoft.com/en-us/diversity/inside-microsoft/default.aspx)
What next?
Even if you feel you may not meet 100% of the criteria, please apply. You may exceed your own expectations, or we may have another opportunity that suits your potential. While we’re not able to reach out directly to every applicant, we will always do our best to help you feel heard and supported throughout the experience.
In the meantime, please see our FAQs (https://careers.microsoft.com/us/en/faq) , Interview Tips (https://careers.microsoft.com/us/en/interviewtips) and Accessibility Support (https://careers.microsoft.com/us/en/accommodationrequest) for more information on our recruitment process.
Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations (https://careers.microsoft.com/v2/global/en/accessibility.html) .