Security Operations Engineering Ic3

Do you love the excitement and learning opportunity to study analyse and deal with the most complex threats to digital security in today s world Do you have the learner mindset are willing to un-learn old skills and learn new ones every day Are you excited by the potential of influencing the state of security of our entire company every day If yes then this opportunity is for you Responsible for the installation maintenance support and optimization of all security-related components Facilitate incident response and forensic investigations Apply countermeasures to mitigate evolving security threats Work with other teams to ensure platform hardening security maintenance and vulnerability remediation procedures are followed Special Requirements Proficiency in KQL query and in a scripting language preferably perl PHP or python a plus Must demonstrate basic knowledge of knowledge of Linux Mac and Strong understanding of Windows operating systems and networking protocols About CDO - Cyber Defense Operations An organization led by Microsoft s Chief Information Security Officer enables Microsoft to deliver the most trusted devices and services CDO s vision is to ensure all information and services are protected secured and available for appropriate use through innovation and a robust risk framework Responsibilities Technical Insight Provides technical insight on incident analysis and management threat mitigation forensics malware analysis and automation KRA and KPI Management Ensures strong Key Result Areas KRA and Key Performance Indicators KPI management Collaboration Embraces the values of Microsoft through coaching and collaboration and partners with peer teams working in similar areas Stakeholder Management Manages critical stakeholder calls and meetings including non-business hours while addressing critical security incidents Security Knowledge Possesses extensive hands-on knowledge of security concepts including cyber-attacks techniques threat vectors risk management and incident management Automation Opportunities Discovers potential automation opportunities or insights to enhance operational efficiency Product Collaboration Collaborates and advises product teams on enhancing Microsoft s first-party security products by offering actionable feedback for improvement Team Environment Cultivates a positive and inclusive team environment Operational Rigor Demonstrates exceptional operational rigor with real-world experience in cyber security operations threat mitigation and incident response Communication Skills Exhibits excellent technical writing and oral communication skills Problem-Solving Shows a systematic problem-solving mindset Qualifications 8 years of work experience with a minimum of 6 years of experience in SOC Minimum 4 years of experience in Azure Cloud Hands on experience with incident analysis Threat Actor related incident handling Large Scale incident responder and Threat Hunting Understanding of Windows internals Linux and Mac OS Understanding of various attack methods vulnerabilities exploits malware Good Understanding of SIEM Console and tools such as Sentinel Splunk Qradar etc Social engineering - given that humans are the weakest link in the security chain an analyst s expertise can help with awareness training Security assessments of network infrastructure hosts and applications - another element of risk management Conduct root cause analysis and post-incident reviews Assist in tuning and optimizing detection rules and alerts Forensics - investigation and analysis of how and why a breach or other compromise occurred Develop and maintain incident response playbooks and standard operating procedures SOPs Collaborate with IT DevOps and other teams to remediate vulnerabilities and improve security controls Troubleshooting - the skill to recognize the cause of a problem DLP AV FIM web proxy email proxy etc - a comprehensive understanding of the tools utilized to protect the organization Excellent written and oral communication skills Security certifications such as GCIH GCFA GREM CySA Knowledge of Azure Sentinel and KQL query is a must and added advantage Exposure to threat intelligence platforms and SOAR tools Knowledge of MITRE ATT CK framework and incident response methodologies Microsoft is an equal opportunity employer All qualified applicants will receive consideration for employment without regard to age ancestry color family or medical care leave gender identity or expression genetic information marital status medical condition national origin physical or mental disability political affiliation protected veteran status race religion sex including pregnancy sexual orientation or any other characteristic protected by applicable laws regulations and ordinances If you need assistance and or a reasonable accommodation due to a disability during the application or the recruiting process please send a request via the