Security Operations Engineer

Redmond, Washington, United States

Microsoft


Are you looking for a challenge that puts you at the center of the Microsoft Edge + Platform Security Fundamentals (EPSF) strategy? Are you passionate about solving the security challenges of critical online services? Are you passionate about defensive and offensive security? Microsoft's EPSF (Edge + Platform Security Fundamentals) team is responsible for securing some of Microsoft's largest and most influential online services in the Azure Edge & Platform (AEP) organization and Windows Devices organization (W+D). The EPSF Services Pentest (SERPENT) team needs a Senior Security Operations Engineer to increase our business partners' security posture. EPSF Security has a world-class security team that helps ensure a secure experience for millions of users worldwide. We primarily focus on offensive security and defensive security and work closely with multiple teams across the company to continually improve our operational awareness.

 

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

 

Responsibilities

The primary responsibilities of this role include:


• Monitoring and Detection
Identifies potential issues with detection (e.g., false positives, noise); engages others to escalate appropriately. Analyzes potential or actual intrusions identified as a result of monitoring activities. Creates detections based on available data (e.g., Indicators of Compromise [IOC] and Tools Tactics Procedures [TTP]). Continues to drive automation of detection and response.

• Translate Security Policy and Standards into Effective Controls
Implements security policy and standards for the service; escalates issues and recommends mitigations accordingly. Identifies gaps in security policy and administration and recommends mitigation strategies. Engages with other teams to drive consistency and awareness of security policies and standards. Educates others (e.g., business partners, peers) on security policy.

• Collaboration
With minimal guidance, works with internal and external parties to push solutions to the environment to address threats.

• Data-Driven Analysis
Analyzes key metrics and key performance indicators (KPIs) and other data sources (e.g., bugs, unhealthy data pipeline) and identifies trends in security issues and escalates appropriately. Recommends improvements and/or metrics to address gaps in measurement. Leverages multiple sources of data in conducting and interpreting analysis. Evaluates data sets for anomalies and other patterns.

• Penetration Testing
Drives processes across kill chain; evaluates tactics for effectiveness and to inform security posture. Organizes and contributes to Red Team reports and issue tracking.

• Automation
Identifies and raises opportunities for automation to improve efficiency and effectiveness. Creates automation as appropriate to drive greater efficiency with high value.

• Identification and Detection of Control Failures
Proactively identifies and investigates potential issues in controls (e.g., network, identity, high security); leverages expertise and team members to address and drive down issues accordingly. Identifies and/or recognizes patterns and recommends potential mitigation strategies. Finds opportunities to leverage and contribute to the internal Microsoft community.

• Security Incident Response
With minimal guidance, analyzes attempted or successful efforts to compromise systems security; identifies potential next steps to resolve. Works with partner teams on recommendations to limit exposure. Implements appropriate response plans. Continues to develop ability to analyze independently and make recommendations; influences others to take action.

• Threat Intelligence and Analysis
Identifies potential threats based on external trends and recommends prioritization for defense-building capabilities.

Qualifications

Required Qualifications:
  • 3+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), and operations incident response
    • OR Bachelor's Degree in Statistics, Mathematics, Computer Science or related field.

Other Requirements

 

Cloud Background Check:

Ability to meet Microsoft, customer and/or government security screening requirements is required for this role.

 

Microsoft Cloud Background Check:

This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

 

 

Preferred Qualifications

  • 5+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection
    • OR Master's Degree in Statistics, Mathematics, Computer Science or related field.
  • CISSP, CISA, CISM, SANS, GCIA, GCIH, OSCP, and/or Security+ certification.
  • Experience in understanding and remediating security vulnerabilities in large complex systems quickly.
  • Experience in technical disciplines outside security space, including general software development, networking, database management, and full-stack development.
  • Demonstrated coding skills in one or more popular languages and platforms such as: C#, C++, Ruby, Python, and others.

Security Operations Engineering IC3 - The typical base pay range for this role across the U.S. is USD $98,300 - $193,200 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $127,200 - $208,800 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

 

Microsoft will accept applications for the role until November 26, 2024

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

 

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

 

#EPSF


Tags: Analytics Automation Azure C CISA CISM CISSP Cloud Computer Science Full stack GCIA GCIH Incident response KPIs Mathematics Monitoring Offensive security OSCP Pentesting Python Red team Ruby SANS SDLC SIEM SOC Strategy Threat intelligence Vulnerabilities Windows

Perks/benefits: Medical leave Startup environment Team events

Region: North America
Country: United States
