Senior Security Researcher
Redmond, WA 
Posted 6 days ago
Job Description
Overview
Security is the most critical priority for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end-to-end, simplified solutions. The Microsoft Security organization accelerates Microsoft's mission and bold ambitions to ensure that our company and our industry are securing digital technology platforms, devices, and clouds in our customers' heterogeneous environments, as well as securing our own internal estate. Our culture is centered on embracing a growth mindset, inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. At Microsoft Security, our mission is to make the world a safer place for all. The Messaging and Web Security Research team is a global, multidisciplinary organization of engineers, data scientists, security researchers, and program managers. With an unparalleled view of the threat landscape, we develop deep expertise in attacker techniques and use that knowledge, along with the latest technology, to stop them. We protect customers using Outlook.com, Microsoft Defender for O365, Microsoft Edge, and much more. The team is focused on discovering email-borne (socially engineered) threats and tracking the threat actors behind them. We are laser focused on countering adversary-based threats to Microsoft and its customers through the production and dissemination of threat intelligence, proactive hunting and incident response, and the development of new tools and approaches to detect adversary activity.
One of the core missions of the team is to track both nation-state and crimeware threat actors abusing Microsoft infrastructure and to improve our services so that such attack campaigns are caught sooner. You will have the opportunity to research and build innovative approaches for detecting and tracking advanced threats and for characterizing attacker TTPs (Tactics, Techniques and Procedures). You will work closely with MSTIC (Microsoft Threat Intelligence Center) analysts, reverse engineers, O365 defenders, and signal teams to investigate threats, proactively hunt for compromise, and develop tooling and data automation. We are looking for a Senior Security Researcher to join the team. Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
Responsibilities
- Demonstrate an advanced understanding of the current and former threat landscape, including major trends, activity groups, and tooling used by both prolific and obscure threat actors.
- Develop complex detections using static, dynamic, and hybrid detection engines and rule formats, such as YARA, ClamAV, Suricata/Snort, Sigma, and Zeek. Focus on signature performance, maintenance, testing, and the overall lifecycle management of signatures.
- Conduct in-depth analysis of threats such as phishing, malware, and exploits.
- Utilize sandboxing technologies to analyze and understand malicious behaviors, including sandbox development, advanced usage, and interpretation of outputs.
- Conduct thorough threat hunting and analysis across large and diverse datasets to identify false negatives and detection gaps and to improve our overall security posture.
- Document and track advanced threat activity, including major crimeware groups, nation-state entities, and other threat groups.
- Leverage cyber threat intelligence concepts to enhance detection and response capabilities.
- Automate security processes through scripting or coding languages, particularly Python.
- Apply knowledge of KQL (Kusto Query Language) to perform advanced data analysis and investigations.
- Analyze network traffic using PCAP (Packet Capture), NetFlow, or other log sources to identify and respond to security incidents.
- Communicate effectively to collaborate with teams and individuals outside of the security team.
- Build, develop, and maintain processes and procedures to enhance operational efficiency and effectiveness.
- Mentor team members and provide training to internal and external teams.
Job Summary
Company:
Start Date: As soon as possible
Employment Term and Type: Regular, Full Time
Required Experience: Open