Be an early applicantLess than 25 applicants

Company

Original Job Post

Microsoft · 1 week ago

Senior Cyber Investigations Analyst

Redmond, WA

Full-time

Hybrid

Senior Level

$117K/yr - $229K/yr

5+ years exp

Wonder how qualified you are to the job?

Data ManagementDeveloper Tools

Actively Hiring

Growth Opportunities

Insider Connection @Microsoft

Discover valuable connections within the company who might provide insights and potential referrals, giving your job application an inside edge.

Responsibilities

Respond to and investigate sophisticated threats with information from a wide variety of sources, and ensure similar scenarios are prevented in the future.

Perform forensic investigation on suspected compromised assets and analyze log data to determine what occurred.

Collaborate with the team to create adversary eviction and incident remediation plans.

Analyze and improve situational awareness, monitoring coverage, and incident response capabilities.

Investigate, analyze and eradicate threats proactively.

Design, develop, and deliver tooling to assist the investigative process.

Create technical documentation for other analysts and other teams to follow.

Embody our Culture and Values.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Software Development LifecycleLarge-Scale ComputingModelingCyber SecurityAnomaly DetectionSOC DetectionThreat AnalyticsSIEMIT Operations Incident ResponseAdversary & Cyber Intel FrameworksKill-Chain ModelATT&CK FrameworkDiamond ModelBig DataSecurity Information & Event ManagementArcSightSplunkElasticSearchLogstashAzure Data ExplorerAzure Log AnalyticsAzure Data LakeAzure SentinelExtremely Large Data SetsSQLKQLJupyter NotebookSparkAzure SynapseR

Required

5+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), and operations incident response.

OR Bachelor's Degree in Statistics, Mathematics, Computer Science or related field.

3+ years of experience working with adversary & cyber intel frameworks such as kill-chain model, ATT&CK framework, and Diamond Model.

3+ years experience with big data and Security Information & Event Management (SIEM) solutions such as ArcSight, Splunk, ElasticSearch, Logstash, Azure Data Explorer, Azure Log Analytics, Azure Data Lake, or Azure Sentinel.

3+ years experience working with extremely large data sets to answer complex and ambiguous questions, using tools and languages like: SQL, KQL, Jupyter Notebook, Spark, Azure Synapse, R, U-SQL, Python, Splunk, and PowerBI.

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role.

Preferred

Previous experience performing development and code debugging with functional or object-oriented programming such as .NET or Java.

Demonstrate ability to understand and communicate technical details with varying levels of management.

Expectation to learn new tools and techniques every day.

Good working knowledge of common security, encryption, and protocols such as encryption, PKI, modern authentication and cloud app authorization architectures and protocols such as SAML or OAUTH.

Past experience working in large scale enterprise products: M365 products such as Exchange, SharePoint, Skype, Teams.

Deep and practical OS security/internals knowledge for Linux and Windows. Exposure to security related subjects and trends such as digital forensics, reverse engineering, penetration testing, and malware analysis.

Ability to rapidly automate data handling and data curation using PowerShell, Python, Azure Data Factory, and various Azure-based tools.

Hands-on experience building Azure-based services with Azure Resource Manager (ARM), ARM templates, ARM policy, IaaS, VMSS, KeyVault, EventHub, Azure Active Directory (AAD), etc.

Hands-on experience with Continuous Integration/Continuous Delivery (CI/CD), Azure DevOps and Agile Scrum.

Ability to work effectively in ambiguous situations and respond favorably to change.

Comfortable working in a startup mode on a new team where there is lots of opportunity.

Certifications like GCIA, GSLC, GCIH, CISM, CISSP, CEH, Etc. are plus.

Security Operations Engineering IC4 - The typical base pay range for this role across the U.S. is USD $117,200 - $229,200 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $153,600 - $250,200 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

Microsoft will accept applications for the role until July 1, 2024.