Senior Security Analyst

Do you have a passion for helping Microsoft’s clients defend themselves against targeted exploitation? Are you interested in being intimately involved in the latest, cutting-edge developments in the security industry and having a direct impact on the security of all Microsoft customers? Do you want to be on the front lines of helping our customers go toe-to-toe against advanced adversaries? Are you interested in a fast-paced job full of new opportunities? If so, you might be a candidate for the Microsoft Detection and Response Team (DART) within our Security Service Line (SSL) organization. The team is looking for a strong, experienced Incident Response Analyst(s) to join the investigation team of advanced cyber-attacks for our worldwide commercial and public-sector enterprise customers as part of our end-to-end security service line. Microsoft is on a mission to empower every person and every organization on the planet to achieve more. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. You can help us achieve our mission. Industry Solutions helps Microsoft customers around the world get the best outcomes from their investments in the latest Microsoft cloud technologies. We focus on empowering customers on their digital journey, from envisioning new possibilities to delivering solutions that result in targeted business outcomes and a great customer experience. Responsibilities Responsibilities: Monitor customers via Microsoft Security Stack and provide advanced detection and response service though security event analysis and review Perform live response data collection and analysis on files of interest Perform triage and collect data on relevant events Determine and validate findings and conclusions Perform incident response and basic malware analysis to investigate incidents Help navigate the customer from incident response triage into the incident response process if findings are substantiated Resolve false positives and communicate effectively with other stakeholders Maintain current knowledge of tools and best-practices in forensics and incident response and an understanding of advanced persistent threats, including: tools, techniques, and procedures of attackers Collaborate with other Microsoft incident responders, security intelligence groups, and product groups to provide feedback on detection gaps and features to improve customer security posture. If you are looking for a role that will allow you to use your knowledge and passion to strengthen the security posture of customers, you will have a bright future within our Microsoft’s Detection and Response Team (DART).  #DART Other On-call work will likely be required as is demanded by the needs of our customers and our business. Position location is flexible. Embody our culture and values Qualifications Required Qualifications: Bachelor's Degree in Computer Science, Engineering or comparable 5+ years’ experience in the security field Or equivalent experience Preferred Qualifications Functional knowledge and experience with incident response management and case triage Experience with reviewing and analyzing data logs from various security platforms, Microsoft Security Stack preferred (Defender for Endpoint, Defender for Identity, Sentinel) Excellent understanding of Windows internals and where trace evidence can be found Understanding forensic artifacts Experience with the following is highly preferred: Active Directory Incident Response or other relevant security analyst related experience APT actor group evidence handling Familiarity with Indicators of Compromise (IOCs), Indicators of Activity (IOAs), and attack Tools, Techniques, and Procedures (TTPs) Familiarity and understanding of basic SQL or KQL queries Microsoft Azure and/or Office 365 platform knowledge and experience Understanding technology and security principles and possess knowledge of the cyber threat landscape Experience navigating and working with a case management system Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.