Principal Security Researcher- - Zurich, Schweiz - Microsoft

Microsoft

Geprüftes Unternehmen

Zurich, Schweiz

vor 2 Wochen

Geschrieben von:

Lena Schneider

beBee Recruiter

Beschreibung

Do you want to join the Microsoft GHOST team as a Security Researcher?

We are looking for an experienced Security Researcher with a strong analytical background to join our team to perform threat hunts, assist with investigations, develop threat intelligence, and to cultivate investigation best practices into Microsoft tooling and products.

Researchers will support a global team to identify and catalog new attacker TTPs, victims, and deliver customer notifications to protect worldwide enterprise customers and empower customers to protect themselves via constantly improving Microsoft products.

Responsibilities:

This role is part of a collaborative team, assisting our customers with:

Performing deep analysis of attacker activity in on-premises and cloud environments
Identifying potential threats, allowing for proactive defence before an actual incident
Notifying customers regarding imminent attacker activity
Providing recommendations to improve customers' cybersecurity posture going forward and performing threat intelligence knowledge transfer to prepare customers to defend against today's threat landscape
Building proofofconcept and prototype threat hunting tools, automations, and new capabilities
Driving product and tooling improvements by conveying learnings from threat hunting and incident response at scale to engineering partner teams
Identifies, prioritizes, and targets complex security issues that cause negative impact to customers. Creates and drives adoption of relevant mitigations and provide proactive guidance
Works with others to synthesize research findings into recommendations for mitigation of security issues. Shares across teams. Drives change within team based on research findings.

Qualifications:

15+ years experience in cyber security or large scale computing, and/or anomaly detection.
Familiarity and understanding of Jupyter Notebooks, or building equivalent threat hunting automations with scripting languages

Experience with some of the following is a distinct advantage:

Consulting background
Experience with sophisticated threat actor evidence including familiarity with typical Indicators of Compromise (IOCs), Indicators of Activity (IOAs) and Tools, Techniques and Procedures (TTPs)
Use of forensic analysis tools such as X-Ways Forensics, WinHex, Encase, FTK, etc
Microsoft Azure and/or Office365 platform knowledge and experience
Experience with various forensic log artifacts found in SIEM logs, web server logs, AV logs, protection logs such as HIDS and NIDS logs
Familiarity with Microsoft Defender 365 security stack (for Endpoints, Identity, Cloud, etc), especially with Advanced Hunting query writing
Excellent understanding of Windows internals and where trace evidence can be found
Knowledge of thirdparty cybersecurity solutions, especially EDR and SIEM solutions
Linux and/or macOS forensic analysis and threat hunting skills
Technical certifications based on domain (e.g., Azure, SharePoint)
Project Management certifications (e.g., PMP, Scrum)
Investigation/Cybersecurity/Digital Forensics/DFIR certifications (e.g. CISSP, SANS GIAC, etc)

If you are looking for a role that will allow you to use your knowledge and passion to strengthen the security posture of customers, you will have a bright future within our Microsoft's Global Hunting Oversight and Strategic Triage team.