Security Analyst – Security Service Line

Job Overview

Location: Armadale, Western Australia
Job Type: Full Time Job
Job ID: 59044
Date Posted: 1 year ago
Recruiter: Michael Linda

Job Description

Do you have a passion for helping Microsoft’s clients defend themselves against targeted exploitation? Are you interested in being intimately involved in the latest, cutting-edge developments in the security industry and having a direct impact on the security of all Microsoft customers? Do you want to be on the front lines of helping our customers go toe-to-toe against advanced adversaries? Are you interested in a fast-paced job full of new opportunities?

 

If so, you could be a candidate for the Microsoft Detection and Response Team (DART) within our Security Service Line (SSL) organization.  The team is looking for a strong, experienced Security Analyst to join the investigation team of advanced cyber-attacks for our worldwide commercial and public-sector enterprise customers as part of our end-to-end security service line.

 

Microsoft is on a mission to empower every person and every organization on the planet to achieve more. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. You can help us achieve our mission. 

 

Industry Solutions helps Microsoft customers around the world get the best outcomes from their investments in the latest Microsoft cloud technologies. We focus on empowering customers on their digital journey, from envisioning new possibilities to delivering solutions that result in targeted business outcomes and a great customer experience. 

Responsibilities

Pre-Sales Support

Collaborates with internal stakeholders (e.g., Solution Architect, Account Delivery Executive, Pursuit Lead, Sales Solution Specialist) in the pre-sale process by understanding business requirements and providing industry and technical input and/or solution offerings to help shape the deal. Supports drafting proposals and/or statement of work (SOW).

Provides input on staffing and skill requirements for delivery to Resource Deployment, Technical Delivery Managers (TDMs), and/or Project Managers.

 

Technical Delivery

Follows capacity process outlined by Global Capacity Management team. Maintains tools with up-to-date skills and availability.              

Leads meetings with customers/partners to understand business needs. Uses business, industry and technology strategies to map customer/partner requirements to the adoption and optimization of Microsoft technology solutions. Engages others appropriately to understand and define customer requirements.

Participates in project planning and develops project documents by identifying the risks and dependencies. Communicates the business value of planned solutions to customers/ partners. Identifies technical and business risks in programs and proposes mitigations. Assists project managers/architects in preparing for steering committee (e.g., developing artifacts). Manages their schedule and communicates to project leads. Generates and delivers Work Breakdown Structure (WBS).

Implements solutions and may provide oversight and leadership on workstreams across domains while adhering to Microsoft Services processes. Aligns solutions with the intent of the architecture.

Manages escalations, analyzes situations, and coordinates appropriate resources to resolve issues by following delivery practices, considering cost implications, and engaging in conversations with internal and external stakeholders (e.g., Customer Service and Support, Project Manager, Solution Architect, Product Group) as needed.

Proactively manages executive-level customer/partner/stakeholder relationships to identify and contribute to the drivers of satisfaction and dissatisfaction, determine the root cause, and establish recovery actions to improve experience. Works with account team to ensure One Microsoft approach. Shares lessons learned with workgroup and consultant community.

 

Intellectual Property Management

Acts as an ambassador in consumption of intellectual property (IP) by leveraging and/or modifying existing IP or creating repeatable content where applicable. Provides feedback on Managed IP for continuous improvement, reports IP gaps, reviews IP to be considered for harvesting and curation and ensures it is logged for consumption. Improves Managed Standard Offerings (MSO) quality and collaborates with portfolio and solution teams of the domain by providing feedback.

 

Business Development

Identifies opportunities to expand or accelerate the adoption and consumption of the cloud and Microsoft technologies. As appropriate, facilitates other team members to scale the business with existing customers by articulating value propositions of strategic Microsoft products and services and developing new offerings for the domain. Drives innovation and digital transformation. Ensures the use of existing intellectual property (IP).

 

Readiness

Learns new technologies or services based on business demands and industry trends. Obtains relevant accreditations and certification(s) as advised by domain leadership team. Identifies certifications and readiness plans in partnership with domain Chief Technology Officer (CTO). Leads or participates in relevant technical communities, and conducts training sessions to evangelize technology and/or offerings based on availability. Mentors team members and acts as a technical advisor for stakeholders by providing thought leadership, articulation of solutions value, and outcomes of business strategies.

 

Operational Excellence

Completes operational tasks and readiness, and ensures timeliness and accuracy. Follows Microsoft policies, compliance, and procedures (e.g., Enterprise Services Authorization Policy, Standards of Business Conduct, labor logging, expenses, travel guidelines). Leads by example and guides team members on operational tasks, readiness, and compliance.

 

Other

Embody our culture and values

Monitor customers via Microsoft Security Stack and provide advanced detection and response service through security event analysis and review

Perform live response data collection and analysis on files of interest

Perform triage and collect data on relevant events

Determine and validate findings and conclusions

Perform incident response and basic malware analysis to investigate incidents

Help navigate the customer from incident response triage into the incident response process if findings are substantiated

Resolve false positives and communicate effectively with other stakeholders

Maintain current knowledge of tools and best practices in forensics and incident response and an understanding of advanced persistent threats, including the tools, techniques, and procedures of attackers

Collaborate with other Microsoft incident responders, security intelligence groups, and product groups to provide feedback on detection gaps and features to improve customer security posture.

On-call work will likely be required as is demanded by the needs of our customers and our business. Position location is flexible.

Qualifications

Required/Minimum Qualifications

Bachelor's Degree in Computer Science, Engineering, Finance, Business, or related field AND 3+ years leadership experience in relevant area of business

OR equivalent experience.

3+ years’ experience as a security analyst or in a similar role.

 

Additional or Preferred Qualifications

5+ years leadership experience in relevant area of business.

Technical certifications based on domain (e.g., Azure, SharePoint).

Project Management certification (e.g., PMP, Scrum)

Functional knowledge and experience with incident response management and case triage

Experience with reviewing and analyzing data logs from various security platforms, Microsoft Security Stack preferred (Defender for Endpoint, Defender for Identity, Sentinel)

Excellent understanding of Windows internals and where trace evidence can be found

Understanding forensic artifacts

Experience with the following is highly preferred:

Active Directory

Incident Response or other relevant security analyst related experience

APT actor group evidence handling

Familiarity with Indicators of Compromise (IOCs), Indicators of Activity (IOAs), and attack Tools, Techniques, and Procedures (TTPs)

Familiarity and understanding of basic SQL or KQL queries 

Microsoft Azure and/or Office 365 platform knowledge and experience

Understanding of technology and security principles and knowledge of the cyber threat landscape

Experience navigating and working with a case management system

If you are looking for a role that will allow you to use your knowledge and passion to strengthen the security posture of customers, you will have a bright future within Microsoft’s Detection and Response Team (DART).

#DART

 

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.  We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

 

The salary for this role in the state of Colorado is between $116,900 and $175,300. At Microsoft, certain roles are eligible for additional rewards, including annual bonus and stock. These awards are allocated based on individual performance. In addition, certain roles also have the opportunity to earn sales incentives based on revenue or utilization, depending on the terms of the plan and the employee’s role. Benefits/perks listed here may vary depending on the nature of your employment with Microsoft and the country where you work. US-based employees gain access to healthcare benefits, a 401(k) plan and company match, short-term and long-term disability coverage, basic life insurance, and fitness benefits, among others.

 

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

 

#indsol
