Job Type: Full Time
Do you want to join the Detection and Response Team (DART) as a Digital Forensic Analyst?
Do you have a passion for helping Microsoft’s clients defend themselves against targeted attacks? Are you interested in being intimately involved in the latest, cutting-edge developments in the security industry, communicating with security industry leaders, and having a direct impact on the security of all Microsoft customers? Do you want to be on the front lines of helping our customers assess their security posture?
If so, you might be a candidate for the Microsoft Cybersecurity Detection and Response Team (DART) as a Forensic Analyst.
We are looking for a Forensic Analyst with a strong, experienced security background to join our team delivering Incident Response investigations and point-in-time cybersecurity assessments that provide our worldwide enterprise customers with both a deeper understanding of their security posture and an understanding of potential malicious activities within their environments.
This role will work as part of a collaborative team assisting our top customers with:
- Discovering attacker persistence (if present)
- Determining attacker activity on known compromised systems
- Identifying potential threats – allowing for proactive defense before an actual incident
- Providing recommendations to improve cybersecurity posture going forward
- Performing knowledge transfer to prepare customers to defend against today’s threat landscape
A BS in Computer Science or Engineering or comparable experience in a related discipline with 1+ years of related work experience along with the following:
- Proven knowledge of security fundamentals across Microsoft platforms (Client, Server, Cloud)
- Understanding of malware and the modern threat landscape
- Detail-oriented and reliable problem-solver mentality
- Excellent oral and written communication skills including concisely communicating status and creating customer reports and presentations
- Familiarity and understanding of basic SQL or KQL queries
- Experience with some of the following is a distinct advantage:
- Consulting background
- Active Directory subject matter expertise
- Experience with APT actor group evidence including familiarity with Indicators of Compromise (IOCs), Indicators of Activity (IOAs) and attack Tools, Techniques and Procedures (TTPs)
- Use of forensic analysis tools such as X-Ways Forensics®, WinHex®, Encase®, FTK®, etc.
- Microsoft Azure and/or Office 365 platform knowledge and experience
- Experience with various forensic log artefacts found in SIEM logs, web server logs, AV logs, protection logs such as HIDS and NIDS logs
- Familiarity with Log Analytics and Windows Defender ATP Advanced Analysis queries
- Excellent understanding of Windows internals and where trace evidence can be found
- Understanding of technology and security principles and knowledge of the cyber threat landscape
- Proven experience in helping enterprises manage vulnerabilities, measure security, and ensure compliance
- A desire to learn and grow, as well as a desire to help others do so
- Knowledge of third-party cybersecurity solutions
- CISSP certification or similar
If you are looking for a role that will allow you to use your knowledge and passion to strengthen the security posture of customers, you will have a bright future within Microsoft’s Cybersecurity Detection and Response Team (DART).
Travel is an integral part of this position as are high levels of recognition and visibility. Short notice international travel is required for the role.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.