|Location:||Redmond, Washington, Reston, Virginia|
|Job Type:||Full Time|
Are you interested in discovering and tracking emerging threats, and using that information to deliver detection to Microsoft and its customers? Do you want to be part of the team that provides security analysis services for products such as Office 365's Advanced Threat Protection?
Do you like reversing malwares? We’ll give you malware to analyze.
Love coding? There’s plenty to write.
Are you a data buff? Then this place is for you!
Come join us at Microsoft Threat Intelligence Center (MSTIC) in C&AI Security!
Microsoft Threat Intelligence Center (MSTIC) is looking for an experienced Security Engineer to join the Microsoft Global Research and Response Team. MSTIC is focused on countering adversary-based threats to Microsoft and its customers through production and dissemination of threat intelligence, proactive hunting and incident response, and the development of new tools and approaches to detect adversary activity. The team focuses on tracking emerging email borne threats (malware/phishing), writing detections, hunting for targeted threats/campaign and generating premium threat intelligence content.
- Analyze email messages to identify Phish/Spam/Malware content
- Analyze large datasets to identify Phish/Malware trends;
- Provide in-depth / FP / FN analysis for Office 365 Advanced Threat Protection service;
- Implement rich security analysis and production quality detection capabilities in the cloud;
- Respond to escalations from partner, engineering, sales & marketing teams
- Respond to incidents and alerts as they are detected, and take appropriate actions to protect the environment
- Hunt for targeted attacks, 0’day exploits and new threats targeting Microsoft and customers;
- Generate quality technical reports/blog content on the research, trending threats and their detections
- BS in Computer Science or Computer Engineering, or at least 3 years of comparable industry experience
- 3+ years of experience in Malware Analysis, Reverse Engineering and various sandbox technologies
- 1+ years of experience in analyzing and responding to email borne threats
- 3+ years of experience in writing system and network based signatures (Regular Expressions, Yara, ClamAV, Snort)
- Experience in programming (C/C++/C# or Python) and building automations
- Expert knowledge in intelligence analysis and reporting using common tools and techniques
- Experience in writing system and network based signatures (Regular Expressions, Yara, ClamAV, Snort)
- Good understanding of Data Science technologies and experience with building/customizing Machine learning models
- Experience with static and dynamic analysis tools, ex: Ida Pro, Debuggers (Ollydbg /Immunity, Windbg)
- Have strong data knowledge, and ability to analyze and present complex data visually in a meaningful way;
- Good written and verbal communication skills and an eye for detail.
- Ability to work across geographically separated teams
- Self-starter and able to deliver under stress, particularly in emergency response situations;
- Innovative thinking to solve hard problems in ways that meet both customer and business goals
Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings:
- Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.