Threat Hunter Ii

Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.

We are the Microsoft 365 Defender Experts team, and we are committed to defending Microsoft customers from sophisticated cyber-attacks and adversaries. Our mission is to help protect customers with a truly innovative proactive approach, advising on emerging trends, and engaging in valuable partnerships. As the Research organization within Defender Experts, it’s our job to stay one step ahead of malicious adversaries and predict the threats of the future. We work with partners across Microsoft to innovate new approaches for detecting and tracking threats, attacker techniques, their tools and infrastructure. We are always learning. Insatiably curious. We lean into uncertainty, take risks, and learn quickly from our mistakes. We build on each other’s ideas, because we are better together. Our security products are brought together in the Microsoft 365 Defender (M365D) suite. M365D enables Microsoft’s enterprise customers to detect, investigate, understand, and respond to advanced threats on their networks via a combination of behavioral sensors, security analytics, and threat intelligence. We are looking for a Threat Analyst to join our defender Experts team. In this role you will use deep knowledge of the attacker landscape and rich telemetry from our sensors across wide range of Microsoft security products to respond to the potential adversaries or suspicious activities in the customer environment.
- Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond._

**Responsibilities**:

- Digital forensics investigations to analyze and understand the root cause of security incidents, utilizing M365 Defender logs and data. Document findings and prepare comprehensive incident reports.
- Monitor security alerts and events, ensuring timely identification and escalation of potential threats with a focus on M365 Defender's monitoring capabilities. Utilize M365D product suite (MDE/MDO/MDI etc) and other SIEM tools to enhance the customer's security posture.
- Strong understanding of cloud architecture, services, and deployment models, as well as common security threats and attack vectors targeting cloud environments.
- Proactively search for indicators of compromise (IoCs) and emerging threats within the customer environment. Develop and execute threat hunting strategies.
- Work closely with other SOC team members and IT personnel to share threat intelligence and enhance overall security awareness.
- Analytical skills with the ability to interpret complex datasets and generate actionable insights.
- This role involves working in a 24x7 shift pattern.

**Qualifications**:
Bachelor's degree in a relevant field or equivalent work experience.
- 5+ years of experience in a SOC environment, with a focus on incident response, threat hunting, and host forensics, specifically leveraging M365 Defender product suite.
- Proficiency in using SIEM tools and other security technologies. Ability to track, analyze, and brief on new and ongoing cyber-attacks.

- Knowledge of operating system internals, OS security mitigations & understanding of Security challenges in Windows, Linux, Mac, Android & iOS platforms - Profound knowledge of kill-chain model, ATT&CK framework.
- Knowledge of major cloud and productivity platforms as well as identity systems and related security concern.
- Excellent cross-group and interpersonal skills, with the ability to articulate business need for detection improvements.
- Additional advanced technical degrees or cyber security certifications such as CISSP, OSCP, CEH, or GIAC certifications

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized s