Overview
Location: Canberra, Australian Capital Territory. Contract: Full time. Remote. This role is within the Cloud & AI organization and supports Microsoft’s mission to secure digital technology platforms, devices, and clouds in heterogeneous environments, while safeguarding our internal estate. The team fosters a growth mindset, excellence, and collaboration to deliver life-changing innovations for billions of people. Microsoft is a large enterprise services company.
Do you want to join the Microsoft GHOST team as a Principal Security Researcher? If you are passionate about defending clients against targeted exploitation, interested in cutting-edge security developments, and want to help customers go toe-to-toe with advanced adversaries, consider joining the Global Hunting, Oversight, and Strategic Triage team (GHOST).
We are seeking an experienced Security Researcher with a strong analytical background to perform threat hunts, assist with investigations, develop threat intelligence, and codify investigation best practices into Microsoft tooling and products. Researchers will support a global team to identify and catalog attacker TTPs and victims, and to deliver customer notifications, protecting enterprise customers worldwide and empowering customers to defend themselves via continuously improving Microsoft products.
Responsibilities
- Perform deep analysis of attacker activity in on-premises and cloud environments
- Identify potential threats and enable proactive defense before an incident
- Notify customers regarding imminent attacker activity
- Provide recommendations to improve customers’ cybersecurity posture and transfer threat intelligence knowledge to prepare customers for today’s threat landscape
- Build proof-of-concept and prototype threat hunting tools, automations, and new capabilities
- Drive product and tooling improvements by communicating threat hunting and incident response learnings to engineering teams
- Identify, prioritize, and address complex security issues affecting customers; create and drive adoption of mitigations and proactive guidance
- Collaborate to synthesize findings into mitigation recommendations; share across teams and drive team change based on research
Qualifications
Required/Minimum Qualifications:
- 7+ years of experience in large-scale computing, modeling, cybersecurity, and/or anomaly detection
- Or experience with threat hunting, digital forensics, reverse engineering, incident response, etc.
- Or Master’s Degree in Statistics, Mathematics, Computer Science, or related field
- Ability to obtain and maintain a Security Clearance
Microsoft Cloud Background Check: This position requires passing the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Additional or Preferred Qualifications:
- Knowledge of security fundamentals across Microsoft platforms (Client, Server, Cloud)
- Understanding of malware and modern threat landscape, especially identity-based attacks
- Familiarity with SQL or Kusto Query Language (KQL) or SIEM query languages (e.g., Splunk, Humio, Kibana)
- Familiarity with Jupyter Notebooks or building threat hunting automations with scripting
- Consulting background
- Active Directory expertise
- Experience with threat actor indicators (IOCs, IOAs, TTPs)
- Experience with forensic tools (e.g., X-Ways Forensics, WinHex, EnCase, FTK)
- Microsoft Azure and/or Office 365 platform knowledge
- Experience with forensic log artifacts in SIEMs, web server logs, AV logs, HIDS/NIDS logs
- Familiarity with Microsoft Defender 365 security stack and Advanced Hunting queries
- Strong understanding of Windows internals and trace evidence
- Knowledge of third-party cybersecurity solutions (EDR, SIEM)
- Linux and/or macOS forensic analysis and threat hunting skills
- Technical certifications (e.g., Azure, SharePoint); project management or DFIR certifications (e.g., CISSP, GIAC)
#GHOST #MSFTSecurity
If you are looking for a role that allows you to apply your knowledge to strengthen customers’ security posture, you may have a bright future within Microsoft’s Global Hunting Oversight and Strategic Triage team.
Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.