Are you passionate about cutting-edge security services which secure the most crucial assets of Microsoft and its customers? Then this is the place for you. Microsoft’s COSINE & Devices Group (CDG) is responsible for some of Microsoft’s largest and most important online services including Windows Update, Windows Marketplace, Xbox Live, Microsoft Game Studios, the Microsoft Commerce Platform and more. Our team protects those services from attacks and responds swiftly to security incidents across the division.
The CDG Information Security team is looking for a Senior Security Analyst who will focus on detection and response to threats across our internal and external facing IT environments. You will be the first line of defense focused on identifying new attacks, correlating events, and maintaining our SIEM environment.
This role will provide capabilities to our 24x7 Security Monitoring and Intrusion Detection Team. The responsibilities include:
- Proactive monitoring for security threats and timely triage of Security Alerts.
- Detect and respond to advanced threats, actor techniques, anomalous or suspicious activity, combined with intelligence, to identify potential and active risks to systems and data
- Conduct detailed comprehensive analysis and investigation on a wide variety of security events and implement containment and mitigation processes
- Collaborate with internal security partners and threat intelligence teams to derive indications and warnings of impending threat
- Use security business intelligence to drive prioritization and improvements within Microsoft security programs
- Assist in the build, deploy and tune process of scalable systems that automate security event detection, response and repeatable tasks.
- Perform threat hunting across different log sources such as Windows event logs, network logs, Bro IDS logs, etc.
- Keep up to date on emerging vulnerabilities, response and mitigation techniques, and threat landscape trends, and use this knowledge to drive proactive threat monitoring
- Participate in creating innovative ways to use a wide range of security event data to advance detection methods.
- Work with security engineering teams to validate detection effectiveness using a data-driven approach and to identify detection gaps and improvements
- Mentor and provide guidance to junior team members in technical detection and response best practice.
- Because we handle active security events and respond to threats from a variety of sources, you will also be required to participate in a 24x7x365 shift and weekend on-call rotation.