Threat Analyst - The Microsoft Threat Intelligence Center

Last updated 5 days ago
Location: Gloucestershire
Job Type: Full Time

The Microsoft Threat Intelligence Center (MSTIC), a part of Cloud & AI, is recruiting experienced nation-state threat hunters – either with a strong malware reverse engineering focus, or with highly honed threat intelligence analysis skills. Just as our understanding of nation-state threat actors has helped MSTIC produce threat intelligence to protect Microsoft and its customers, so we are reapplying some of these cutting-edge techniques and analysis to tackling the Human Operated Ransomware (HOR) problem – not just the final payload, but building the full intelligence picture of these cybercrime groups.

MSTIC is responsible for delivering timely threat intelligence across our product and services teams, assisting with our engineering response to security issues/incidents, and assisting with government policy outreach for the company.

Responsibilities

Candidates need to be persuasive in getting buy-in for their ideas both within MSTIC and from key engineering groups across Microsoft, for example the Microsoft Defender anti-malware team, working in partnership with them to protect both Microsoft assets and Microsoft’s wider customer base through improved product and services offerings.

You will strengthen existing partnerships and build new ones with key organizations to deliver benefit to Microsoft and its customers.

Applied knowledge of the phases of a cyber operation – particularly how to work across the phases to uncover new intelligence – is essential. Knowledge of HOR is desirable but not critical.

You will have experience of working with:

  • products and services to improve security for customers.
  • both strategic and tactical threat intelligence customers, including evaluating their requirements.
  • a diverse organization to gain support for your ideas.

You will bring both a demonstrated capability to coherently present potentially sensitive threat intelligence to a wide variety of audiences in public forums and experience working with a variety of external partners on sensitive threat intelligence issues.

You will be persuasive in getting buy-in for your ideas both within the Microsoft Threat Intelligence Center and from key engineering groups across Microsoft, working in partnership with them to protect both Microsoft assets and Microsoft’s wider customer base through improved product and services offerings.

Domestic and international travel will be required, estimated to be less than 30%. 

Malware reverse engineering focus

In this role you are responsible for supporting threat intelligence analysis by creating tools and performing malware binary analysis to enable identifying and tracking sophisticated adversaries. You will work with the other Microsoft teams to ensure comprehensive coverage of high-impact threats. 

Successful applicants must meet these requirements: 

In-depth technical knowledge of adversary capabilities, infrastructure, and techniques that can be applied to define, develop, and implement the techniques needed both to discover and track the adversaries of today and to identify the attacks of tomorrow.

Tactical software development to support triage and analysis of datasets and information associated with APT activity and behavior as well as APT artifact analysis. 

Experience of development involving extraction/manipulation/summarization of network data.

Experience working closely with threat intelligence analysts to understand their workflow and analytic problems and turning those into large-scale analytics.

Reverse-engineering & binary analysis, including dynamic and static malware analysis. Experienced user of static analysis tooling (e.g., IDA Pro, Ghidra etc.)

Windows internals - especially in the areas of event management and networking (sockets, RPC, named pipes etc.)

Knowledge across all critical elements and common data types used in threat intelligence analysis, including malware used in targeted adversary campaigns; host and log forensics including methods of data collection and analytic techniques; and network forensics including common protocols and how those are used in adversary operations.

Applied knowledge of a variety of adversary command and control methods and protocols.

Threat intelligence analysis focus

In this role you will be responsible for identifying and tracking sophisticated adversaries. Successful applicants must meet these requirements:

In-depth technical knowledge of adversary capabilities, infrastructure, and techniques that can be applied to define, develop, and implement the techniques needed both to discover and track the adversaries of today and to identify the attacks of tomorrow.

Experience producing actionable threat intelligence on targeted and advanced persistent adversaries enabling network and host defenses in external organizations with demonstrable impact.

Tracked at least four distinct APT/HOR adversaries over a period of at least one year, ascertaining and characterizing their various TTPs, capabilities, infrastructure, and campaigns.

Must have applied knowledge across all critical elements and common data types used in threat intelligence analysis, including malware used in targeted adversary campaigns; host and log forensics including methods of data collection and analytic techniques; and network forensics including common protocols and how those are used in adversary operations.

Applied knowledge of a variety of adversary command and control methods and protocols.

Experience supporting incident response, and deep familiarity with common incident response procedures, processes, and tools.

Qualifications

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.