Job Description
This role will collaboratively support a global strategic objective to harmonize the end-to-end Microsoft lifecycle and environment spanning the enterprise.
Primary Activities/responsibilities
Ability to contextualize and prioritize adversary containment and recovery efforts across multiple workstreams
Ability to quickly build and execute a recovery plan as a response to large-scale impactful incidents involving ransomware and destructive adversarial campaigns
Deploying forensic collection tooling across a wide range of complex environments
Identifying potential threats - allowing for proactive defense before an actual incident
Providing recommendations to improve cybersecurity posture going forward
Performing knowledge transfer to prepare customers to defend against today's threat landscape
Security threats are constantly evolving, and so is our team. To that end, this role will involve:
Researching, analyzing, and summarizing security threats and response capabilities, sharing across the team
Identifying, conducting, and supporting others in conducting research into critical security areas, such as current attacks, adversary tracking, and academic literature
Creating and documenting new solutions to mitigate security issues
Recommending prioritization and validation methods for technical indicators, developing tools to automate analyses
Qualifications
Basic Qualifications
5+ years of experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and anomaly detection
3+ years of experience with Threat Actor containment during an incident, rapid recovery of critical infrastructure (primarily Active Directory rebuild and restoration), and eviction of a Threat Actor after an investigation
3+ years of experience with Active Directory and its associated components (Kerberos, NTLM, Group Policy, Backup and Disaster Recovery, DNS, AD tiering models, gMSAs)
Proficiency in one or more query languages (KQL, SPL, SQL, etc.)
Qualifications
6+ years of experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and anomaly detection
Experience in PowerShell and bash scripting
Experience with third-party security products, including but not limited to Splunk, CrowdStrike Falcon, QRadar, etc.
Experience with Microsoft Public Key Infrastructure (PKI) implementations, Active Directory Federation Services (AD FS)
Understanding and working knowledge of the Linux and macOS platforms
Experience with two or more of Microsoft's portfolio of Artificial Intelligence (AI) products, such as Security Copilot, Bing Copilot, GitHub Copilot, Office Copilot, and Windows Copilot
Understanding of DevOps concepts such as Version Control, Infrastructure as Code, CI/CD Pipelines, Frameworks, Configuration Management, and Continuous Monitoring
Experience managing virtualization platforms such as Hyper-V, VMware, etc.
Experience with IP network management, including routing, firewalls, access control lists, DHCP, packet analysis, and troubleshooting network traffic flow