
Redmond Town Center, 7525, 166th Avenue Northeast, Downtown Redmond, Redmond, King County, Washington, 98052, United States
Microsoft 365 sits at the center of our cloud-first, devices-first strategy, uniting trusted cloud-hosted services like Exchange, SharePoint, and Teams with cross-platform clients. The Security Response Team (SRT) is dedicated to protecting petabytes of business-critical customer data by tackling some of the largest and most complex security challenges Microsoft faces.
We operate within a DevOps model, driven by a passion for automation and scalability. Our mission is to empower every person and organization to achieve more by fostering a culture of inclusion built on respect, integrity, and accountability. As a fast-paced team, we constantly provide opportunities to learn, grow, and innovate to protect millions of users, hosts, and operations.
As a Senior Security Investigator, you will partner with cloud and security experts to investigate threats, proactively hunt for compromises, and develop security tooling. Your work will focus on solving issues related to the latest security trends and early warning indicators while designing solutions for emerging threats.
You will be expected to think about how to scale our operations to millions of users and automate repetitive tasks to drive efficiency. This role involves analyzing massive data sets to answer complex questions, identifying potential issues in detection, and executing proactive adversary hunts using diverse log sources and threat intelligence. You will help design the future of our security posture by creating detections based on Indicators of Compromise (IOC) and Tools, Tactics, and Procedures (TTP).
This position requires candidates to meet specific U.S. Government security screening requirements, including an active Top Secret Clearance with access to Sensitive Compartmented Information (SCI) based on a Single Scope Background Investigation (SSBI) with Polygraph. Verification of this clearance, along with U.S. citizenship, is mandatory prior to an offer of employment.
Applications are accepted on an ongoing basis until the position is filled. The role will remain open for a minimum of 5 days.
Microsoft is an equal opportunity employer. We consider qualified applicants regardless of age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations, and ordinances. We are committed to creating a culture where everyone can thrive at work and beyond.
Work model: On-site
Redmond, Washington
Prior experience working with the US Government or US Department of Defense. Bachelor's degree in a related discipline such as computer security, computer science, computer engineering, or information technology. Good working knowledge of common security and encryption concepts, such as PKI, modern authentication, and cloud app authorization architectures and protocols such as SAML or OAuth. Past experience working on large-scale enterprise products: M365 products such as Exchange, SharePoint, Skype, Teams. Deep and practical OS security/internals knowledge for Linux and Windows. Exposure to security-related subjects and trends such as digital forensics, reverse engineering, penetration testing, and malware analysis. Experience with the Microsoft cloud and/or stack, including O365, Azure, Windows, or other Microsoft software/services. Working knowledge of Azure AI Foundry. Ability to work effectively in ambiguous situations and respond favorably to change. Comfortable working in a startup mode on a new team where there is lots of opportunity. Certifications like GCIA, GSLC, GCIH, CISM, CISSP, CEH. 4+ years working in cyber security.
Skills: SQL, KQL, Jupyter Notebook, Spark, Azure Synapse, R, U-SQL, Python, Splunk, Power BI.
Education: Doctorate in Statistics, Mathematics, Computer Science, Cyber Security, or related field; Master's Degree in Statistics, Mathematics, Computer Science, Cyber Security, or related field with 3+ years of experience; Bachelor's Degree in Statistics, Mathematics, Computer Science, Cyber Security, or related field with 4+ years of experience.