Security Engineer II

Redmond, Washington, United States

Microsoft

Every company has a mission. What's ours? To empower every person and every organization to achieve more. We believe technology can and should be a force for good and that meaningful innovation contributes to a brighter world in the future and today.


The Digital Security and Resilience (DSR) team is looking for a motivated Security Engineer II to be a part of the Cyber Security Operations Center.

 

In this role you will have the opportunity to work on cybersecurity issues as part of a dynamic and high-impact team. We use advanced security technologies, extensive automation and procedures to protect, detect and respond to security threats in real time. In addition to day-to-day responsibilities, you will inform security initiatives across the company. You will analyze, contain and mitigate threats and escalations from multiple sources, both internal and external. You will be building and tuning a wide variety of advanced security detections, conducting detailed and comprehensive investigations and driving issues to closure. You will also contribute to developing innovative automation and orchestration solutions for detection and response. As part of the job, you will collaborate with security partners and Microsoft security product groups to improve our security posture.

 

The candidate will have experience in a team environment, experience with security operations and technical depth in information security domains like authentication, incident response, security monitoring or threat intelligence. In addition, this position requires an individual who thrives in a high-volume, highly collaborative setting.

 

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

 

Relocation assistance is unavailable for this role.

Responsibilities

  • Detect and respond to advanced threats, actor techniques, anomalous or suspicious activity, combined with intelligence, to identify potential and active risks to systems and data.
  • Conduct detailed comprehensive triage and investigation on a wide variety of security events and implement containment and mitigation processes.
  • Collaborate with internal security partners and threat intelligence teams to derive indications and warnings of impending threat.
  • Build, deploy and tune scalable systems that automate security event detection, response and repeatable tasks through technical solutions and new security tools.
  • Work with analysts and engineers by observing gaps and opportunities to provide efficiencies in detection and response.
  • Keep up to date on emerging vulnerability, response, mitigation, threat landscape trends and use this knowledge to drive proactive threat monitoring.
  • Participate in creating innovative ways to use a wide range of security event data to advance detection methods.
  • Use security business intelligence to drive prioritization and improvements within Microsoft security programs.
  • Should have solid verbal and written communication skills; ability to communicate effectively and clearly to both technical and non-technical staff.
  • Demonstrated enthusiasm for learning new things and ability to pick up new ideas quickly.
  • We handle active security events and respond to threats from a variety of sources; you will be required to participate in shift and on-call rotation.

Qualifications

Required/Minimum Qualifications

  • 3+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), and operations incident response
      o OR Bachelor's Degree in Statistics, Mathematics, Computer Science or related field.

  • 3+ years of hands-on experience in security operations, threat detection and analysis, and/or incident response.
  • 2+ years of professional software development life-cycle experience in one of the following - C#, JavaScript or Python.

 

Other Requirements 

Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:

 

Microsoft Cloud Background Check. This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

 

Additional Qualifications: 

  • Experience in analyzing a wide variety of network and host security logs to detect and resolve security issues.
  • Understanding of common threat analysis models such as the Diamond Model, Cyber Kill Chain, and MITRE ATT&CK.
  • Deep understanding of system internals on MacOS, Windows, and Linux.
  • Background in malware analysis.
  • Experience developing on Azure PaaS technologies such as Functions (and Durable Functions), Storage (blob, table, queues) and Logic Apps.
  • Experience automating and developing with Python, Jupyter Notebooks, PowerShell, Kusto, or R with RESTful APIs.
  • Experience correlating across very large and diverse datasets (Azure Data Lake, Azure Data Explorer, Cosmos DB).
  • 2+ years working with SQL-based databases.
  • Experience working within a diverse organization to gain support for your ideas.
  • Ability to effectively multi-task and prioritize in a fast-paced environment.

 

Security Operations Engineering IC3 - The typical base pay range for this role across the U.S. is USD $98,300 - $193,200 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $127,200 - $208,800 per year.  

 

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay 

 

Microsoft will accept applications for the role until July 4, 2024.

 

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.  We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

 

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

 

#MSFTSecurity #DSR #MSRC


Tags: Analytics APIs Automation Azure Business Intelligence C Cloud Computer Science Cyber Kill Chain Incident response JavaScript Linux MacOS Malware Mathematics MITRE ATT&CK Monitoring PaaS PowerShell Python SDLC SIEM SOC SQL Threat detection Threat intelligence Windows

Perks/benefits: Career development Medical leave Relocation support Startup environment Team events

Region: North America
Country: United States
