Security Operations Engineer II

Overview Do you love the excitement and learning opportunity to study, analyse and deal with the most complex threats to digital security in today's world? Do you have the “learner” mindset, are willing to un-learn old skills and learn new ones every day? Are you excited by the potential of influencing the state of security of our entire company, every day? If yes, then this opportunity is for you. Responsible for the installation, maintenance, support and optimization of all security-related components Facilitate incident response and forensic investigations Apply countermeasures to mitigate evolving security threats Work with other teams to ensure platform hardening, security maintenance, and vulnerability remediation procedures are followed Special Requirements Proficiency in KQL query and in a scripting language, preferably perl, PHP, or python a plus Must demonstrate basic knowledge of knowledge of Linux, Mac, and Strong understanding of Windows operating systems and networking protocols.  About CDO - Cyber Defense Operations. An organization led by Microsoft’s Chief Information Security Officer enables Microsoft to deliver the most trusted devices and services. CDO’s vision is to ensure all information and services are protected, secured, and available for appropriate use through innovation and a robust risk framework. Qualifications 8+ years of work experience, with a minimum of 6 years of experience in SOC. Minimum 4 years of experience in Azure/Cloud Hands on experience with incident analysis, Threat Actor related incident handling, Large Scale incident responder and Threat Hunting. Understanding of Windows internals, Linux and Mac OS. Understanding of various attack methods, vulnerabilities, exploits, malware. Good Understanding of SIEM Console and tools such as Sentinel, Splunk, Qradar etc Social engineering - given that humans are the weakest link in the security chain, an analyst's expertise can help with awareness training Security assessments of network infrastructure, hosts and applications - another element of risk management. Conduct root cause analysis and post-incident reviews. Assist in tuning and optimizing detection rules and alerts. Forensics - investigation and analysis of how and why a breach or other compromise occurred. Develop and maintain incident response playbooks and standard operating procedures (SOPs). Collaborate with IT, DevOps, and other teams to remediate vulnerabilities and improve security controls. Troubleshooting - the skill to recognize the cause of a problemDLP, AV, FIM, web proxy, email proxy, etc. - a comprehensive understanding of the tools utilized to protect the organization.  Excellent written and oral communication skills.  Security certifications such as GCIH, GCFA, GREM, CySA+ Knowledge of Azure Sentinel and KQL query is a must and added advantage. Exposure to threat intelligence platforms and SOAR tools. Knowledge of MITRE ATT&CK framework and incident response methodologies. Responsibilities Technical Insight: Provides technical insight on incident analysis and management, threat mitigation, forensics, malware analysis, and automation. KRA and KPI Management: Ensures strong Key Result Areas (KRA) and Key Performance Indicators (KPI) management. Collaboration: Embraces the values of Microsoft through coaching and collaboration, and partners with peer teams working in similar areas. Stakeholder Management: Manages critical stakeholder calls and meetings (including non-business hours) while addressing critical security incidents. Security Knowledge: Possesses extensive hands-on knowledge of security concepts including cyber-attacks, techniques, threat vectors, risk management, and incident management. Automation Opportunities: Discovers potential automation opportunities or insights to enhance operational efficiency. Product Collaboration: Collaborates and advises product teams on enhancing Microsoft's first-party security products by offering actionable feedback for improvement. Team Environment: Cultivates a positive and inclusive team environment. Operational Rigor: Demonstrates exceptional operational rigor with real-world experience in cyber security operations, threat mitigation and incident response. Communication Skills: Exhibits excellent technical writing and oral communication skills. Problem-Solving: Shows a systematic problem-solving mindset. Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.Industry leading healthcareEducational resourcesDiscounts on products and servicesSavings and investmentsMaternity and paternity leaveGenerous time awayGiving programsOpportunities to network and connect