Senior Security Investigator - CTJ - Poly
Microsoft
Senior Security Investigator - CTJ - Poly
Redmond, Washington, United States
Save
Overview
Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.
Do you have a passion for security and excitement about impacting some of the largest and most complex security challenges Microsoft is involved with to protect petabytes of business-critical customer data? We are looking for a Senior Security Investigator with the right mix of technical depth, engineering background, on-line services experience, and collaboration skills to help grow and protect Microsoft 365 cloud services.
Microsoft 365 is at the center of Microsoft’s cloud first, devices first strategy bringing together cloud-hosted offerings of our most trusted communications and collaboration services (like Exchange, SharePoint, Teams, and more!) with our cross-platform desktop and mobile clients.
In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.
Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
Qualifications
Required/Minimum Qualifications:
- Bachelor's Degree in Statistics, Mathematics, Computer Science or related field OR 5+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), and operations incident response.
- Demonstrated hands-on experience querying/analyzing big data using SIEM (Security Information and Event Management) solutions such as ArcSight, Splunk, ElasticSearch, Logstash, Azure Data Explorer, Azure Log Analytics, Azure Data Lake, or Azure Sentinel.
Other Requirements:
Security Clearance Requirements: Candidates must be able to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings:
- The successful candidate must have an active U.S. Government Top Secret Clearance with access to Sensitive Compartmented Information (SCI) based on a Single Scope Background Investigation (SSBI) with Polygraph. Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. Failure to maintain or obtain the appropriate U.S. Government clearance and/or customer screening requirements may result in employment action up to and including termination.
- Clearance Verification: This position requires successful verification of the stated security clearance to meet federal government customer requirements. You will be asked to provide clearance verification information prior to an offer of employment.
- Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
- Citizenship & Citizenship Verification: This position requires verification of U.S. citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local United States government agency customer and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, citizenship will be verified via a valid passport, or other approved documents, or verified US government Clearance
Preferred/Additional Qualifications:
- 4+ years of experience in cybersecurity roles such as Information Security, Security Operations (SecOps), SOC (Security Operations Center)/CSOC (Cyber Security Operations Center) analyst, researcher, etc.
- Prior experience working with the U.S. Government or Department of Defense.
- Deep understanding of adversary and cyber intelligence frameworks: Kill Chain Model, MITRE ATT&CK, and Diamond Model.
- Strong grasp of security concepts and protocols: encryption, PKI (Public Key Infrastructure), modern authentication, SAML (Security Assertion Markup Language), OAUTH (Open Authorization).
- Solid OS (Operating Systems) internals and security knowledge for both Linux and Windows.
- Familiarity with security domains such as digital forensics, reverse engineering, penetration testing, and malware analysis.
- Hands-on experience with SIEM (Security information and event management) and big data tools: ArcSight, Splunk, ElasticSearch, Logstash, Azure Data Explorer, Azure Log Analytics, Azure Data Lake, Azure Sentinel.
- Skilled in working with large datasets using tools/languages like SQL, KQL, Jupyter Notebook, Spark, Azure Synapse, R, U-SQL, Python, and Power BI.
- Experience with Microsoft cloud and enterprise products: O365, Azure, Windows, Exchange, SharePoint, Skype, Teams.
- Experience in development and debugging using functional or object-oriented programming languages such as .NET or Java.
- Comfortable working in ambiguous or evolving environments, including startup-like teams.
- Demonstrated ability and willingness to learn new tools and techniques continuously.
- Industry certifications such as GCIA (Intrustion Analyst), GSLC (Security Leadership), GCIH (Incident Handler), CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), CEH (Certified Ethical Hacker), etc. are a plus.
Security Operations Engineering IC4 - The typical base pay range for this role across the U.S. is USD $119,800 - $234,700 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $158,400 - $258,000 per year.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay
Microsoft will accept applications for the role until July 7, 2025.
Responsibilities
As a Senior Security Investigator you will work closely with other cloud and security experts across Microsoft to investigate threats, proactively hunt for compromise, automate capabilities, develop security tooling and data automation, and contribute your experience and expertise to countless other projects. We work in DevOps model within the Security business and need someone who has a passion for automating their way our of having to do the same thing twice and always thinking about how to scale what we do to millions and millions of users, hosts, and operations. You will be working to solve issues related to the latest security trends and early warning indicators, as well as help design solutions for emerging threats. M365 Security is a fast-paced team that constantly provides new opportunities to learn and grow.