Senior AI Investigator

Artificial Intelligence (AI) has the potential to change the world around us.  At Microsoft, we are committed to the advancement of AI driven by ethical principles.  We are looking for a Senior AI Investigator to join a small incubation team to leap forward forensic investigations for Microsoft and our customers.  This is a role that will split time between incident investigation and then building the ecosystem for others to investigate AI issues when they arise.  It puts you at a crucial juncture protecting customers and building out the defender frameworks to enable others.  Are you passionate about security and technology in society?  This may be a great opportunity for you! 

Who we are: 

We are the Artificial Generative Intelligence Security (AeGIS) team, and we are charged with ensuring justified confidence in the safety of Microsoft’s generative AI products.  This encompasses providing an infrastructure for AI safety; serving as a coordination point for all things AI incident response; researching the quickly evolving threat landscape; red teaming AI systems for failures; and empowering Microsoft with this knowledge.  We partner closely with product engineering teams to mitigate and address the full range of threats that face AI services – from traditional security risks to novel security threats like indirect prompt injection and entirely AI-native threats like the manufacture of Non-consensual Intimate Imagery (NCII) or Child Sexual Abuse Material (CSAM) or the use of AI to run automated scams.  We are a mission-driven team intent on delivering trustworthy AI and response processes when it does not live up to those standards. 

We are always learning.  Insatiably curious.  We lean into uncertainty, take risks, and learn quickly from our mistakes.  We build on each other’s ideas, because we are better together.  We are motivated every day to empower others to do and achieve more through our technology and innovation.  Together we make a difference for all of our customers, from end users to Fortune 50 enterprises. 

Our team has people from a wide variety of backgrounds, previous work histories, and life experiences, and we are eager to maintain and grow that diversity.  Our diversity of backgrounds and experiences enables us to create innovative solutions for our customers.  Our culture is collaborative and customer focused. 

What we do: 

The AI Incident Detection & Response team is a small team of subject matter experts that has been brought together to accelerate and support Microsoft’s AI services.  We work across the company and with many stakeholders to ensure we deliver justified trust in our AI services.  Our work is split between proactive and reactive work.  The reactive work is the most familiar for investigators which is in the thick of the incidents.  We come into incidents with a need for more information and context - this role helps deliver that.  The proactive work involves defining forensic needs for all customers and working with teams to deliver solutions that make AI forensics understandable and easier.  Our work doesn’t begin and end with the incident’s date stamps.  We work to improve and create a more resilient system that enable defenders to protect their AI uses and services. 

How you can help: 

We are searching for seasoned cyber forensic investigator who is interested in expanding their skills and expertise into the AI realm.  The candidate will be looking to grow skills enabling other defenders to do the work they know well.  You will be an active forensic practitioner and a subject matter expert steering the future of how customers interact with AI incidents.   

AI is an emerging area as a technology.  The candidate will thrive in ambiguity, identifying critical stakeholders, and delivering results under time constraints. 

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. 

Responsibilities

• Independently analyzes attempted or successful efforts to compromise systems security; recommends next steps and escalations to resolve.
• Develops response plans for new or nuanced issues.
• Devises mitigation steps; provides guidance to limit exposure.
• Manages stakeholder communication appropriately.
• Conducts postmortem analysis.
• Helps others understand triage, analysis, and prioritization of cyber forensics involving AI services.
• Collaborate with partners to refer investigations to the appropriate authorities. Serve as the primary organization contact with these internal partners.
• Collaborates with internal and external parties to ensure service level agreement (SLAs) are reached when addressing threats. Supports development of requirements for solutions; defines new requirements and feature sets.
• Contributes to security policy and standards; maintains accurate and comprehensive security policy and standards; designs mitigation strategies to addresses identified gaps in policy. Educates others (e.g., business partners, peers, industry) on security policy. Recognizes patterns and trends and recommends solutions for improvement. Recommends refinement of security policy and standards.
• Work with product engineering teams to ensure appropriate features to enable defenders investigating and remediating AI-related attacks are available. Advocate for quicker, simpler incident response to match the severity of the threats.
• Embody our Culture and Values 

Qualifications

Required/minimum qualifications 

• 5+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), and operations incident response.

  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science or related field.

• 3+ years of experience researching or investigating cyber incidents 

Other Requirements 

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: 

• Microsoft Cloud Background Check. This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Additional or preferred qualifications 

• Bachelor's Degree in Statistics, Mathematics, Computer Science or related field AND 7+ years of experience in forensic investigations, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), and operations incident response. 

• Demonstrated curiosity to learn about attacker patterns and behaviors 

• Experience working with extremely large data sets, using tools and scripting languages like KQL, Jupyter notebooks, Python, PowerShell, Splunk, SQL, and PowerBI 

• Platform and web forensic experience including certificate and file hash analysis, Windows system log analysis, tracing and investigating IP addresses and the associated geographies 

• Proficient knowledge of adversary capabilities, infrastructure, and techniques as well as an understanding of operating system functionality that can be applied to define, develop, and implement the techniques that discover and track the adversaries and threats of today and tomorrow 

• Excellent communication skills with an eye for detail and the ability to articulate business needs in cross-group and partner scenarios 

• A desire to learn, grow, and drive change 

• Demonstrated knowledge of threat intelligence, incident response methodology, and attacker tradecraft 

• A solid understanding of Microsoft organizations, technologies and products, especially as they relate to security, will ensure a quick start 

Security Operations Engineering IC4 - The typical base pay range for this role across the U.S. is USD $117,200 - $229,200 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $153,600 - $250,200 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

Microsoft will accept applications for the role until October 15, 2024.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.  We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

#MSFTSecurity #MSECAIR #AIJobs #AeGIS