Security Operations Engineer

Guaynabo, Guaynabo, Puerto Rico

Microsoft


Microsoft runs on trust. As our lives and businesses are becoming increasingly digitized, trust is the glue that holds us together. To create and enhance this trust, we increasingly turn to advanced technologies to anticipate and detect risks. Our work helps Microsoft grow its trustworthy 3rd party ecosystem, while proactively protecting individuals and organizations across the planet. Corruption, theft, cybersecurity, and human rights are complex threats, often intertwined. We have an array of services that help us tackle these problems, and your skills can help us continuously evolve them. In this role you will deliver innovation to every corner of the company, doing work that really matters.  

  

Our Central Fraud & Abuse Risk team is powered by risk intelligence. We leverage security and compliance domain expertise, troves of labeled data, and talented engineers to deliver resilient services that set the standard for the industry. We build, buy, and integrate the best available components and datasets to deliver a flexible, scalable platform that amplifies both automated and human decision-making. Our team embraces collaboration and the understanding that experimentation (failing fast) drives innovation. In our daily work, we demonstrate growth mindset, respect, accountability, connectedness, integrity, and agility. We are a diverse and inclusive group of individuals who drive to protect others through technology.  

 

Security Engineering as a Center of Excellence management. If selected to fill this role, you will leverage data in these systems to understand threats, incidents, and risks and apply the intelligence to contain real-time issues, make changes to security approaches, rules, and algorithms in the live systems, and implement features to improve or create system solutions. We are looking for an energetic, dedicated, and collaborative security engineering professional with a passion for simplifying complex problems in a fast-paced, agile environment. If this sounds like a good fit for you, come help us build the foundation of trust for our world's digital future.

Responsibilities

Identification and Detection of Control Failures

  • Using existing systems, monitors existing controls (e.g., network, identity, high security) against security requirements and drives resolution or escalates as needed. Finds opportunities to leverage and contribute to the internal Microsoft community.

 

Automation

  • Implements new automation as directed. Identifies issues with automation and escalates as needed. Executes on direction to evaluate and leverage existing automation where possible. Works with others to identify most valuable investment in automation.

 

Translate Security Policy and Standards into Effective Controls

  • Upholds controls to enable enforcement of security policies and standards for the service and escalates potential departures from policy and standards appropriately. Learns security policy and standards. Shares learnings with others.

 

Collaboration

  • Works with internal and external parties as directed to push solutions to the environment to address specific threats.

 

Customer/Partner Experience

  • Upholds standards for customer and partner experience; escalates issues appropriately for resolution. Advocates for customer needs to drive optimal customer experience. Defines customer and partner requirements, anticipates needs, and measures quality of experience.

 

Data-Driven Analysis

  • Compiles metrics and key performance indicators (KPIs) and other data sources (e.g., bugs, unhealthy data pipeline) to identify potential issues (e.g., usage patterns, identification anomalies). Understands and uses existing KPIs and metrics to identify potential issues. Identifies patterns of anomalies and behaviors.

 

Security Incident Response

  • Utilizing guidance and key operating procedures, analyzes specific aspects of attempted or successful efforts to compromise systems security. Escalates findings as appropriate within agreed response times. Develops ability to analyze independently and make recommendations.

 

Monitoring and Detection

  • Uses monitoring techniques to identify potential or actual intrusions. Analyzes alerts and escalates appropriately. Creates detections based on available data (e.g., Indicators of Compromise [IOC] and Tools Tactics Procedures [TTP]). Continues to drive automation of detection and response.

 

Red/Purple Team Operations

  • Executes tactical processes across kill chain. Distinguishes effective from ineffective tactics and reports accordingly to inform security posture. Maps tactics to MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) matrix and assesses when targets pass and fail against known techniques.

 

Threat Intelligence and Analysis

  • Under direction, analyzes trends in threats that inform prioritization for defense-building capabilities.

 

Other

  • Embody our culture and values

Qualifications

Required/minimum qualifications

  • 1+ year(s) of experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), and operations incident response.
    • OR Bachelor's Degree in Statistics, Mathematics, Computer Science or related field.
  • Write, speak and read fluently in English
Additional or preferred qualifications
  • CISSP, CISA, CISM, SANS, GCIA, GCIH, OSCP, and/or Security+ certification
  • 2+ years of experience in deep data analytics, including for fraud detection and prevention
  • 1+ years of security or compliance analytics or security operations
  • Demonstrated understanding of data management processes and practices, and data quality control
  • Experience with heuristic and machine learning analytical models and risk management methodology
  • Knowledge of Microsoft commercial business programs and operations
  • Knowledge of Microsoft compliance and security practices and processes
  • Ability to write and read fluently in a second language is preferred, including Arabic, Chinese, Spanish, Portuguese, or Russian
  • Azure Fundamentals Certification

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

 

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.


Tags: Agile Analytics Automation Azure CISA CISM CISSP Compliance Computer Science Data Analytics GCIA GCIH Incident response KPIs Machine Learning Mathematics Monitoring OSCP Risk management SANS SDLC SIEM SOC Threat intelligence

Perks/benefits: Career development Medical leave Startup environment

Region: North America
Country: Puerto Rico
