Security Software Engineer

Job Type:Full Time
Apply Now

Microsoft Threat Intelligence Center is working closely with the Azure Sentinel team to translate our threat expertise into security value for all Azure Sentinel customers – we do this through contributions to the Azure Sentinel github, engagement with the wider security community both internally and externally, and driving innovation grounded in our knowledge of real-world attacks.

Do you want to move cybersecurity forward for companies throughout the world? Have you spent your days committed to investigating security incidents and uncovering malicious behavior? Are you a Tier 3 analyst skilled with the many tools and creative approaches used to hunt bad guys? Are you an investigator at heart, but also a software engineer? If this is you, we want you on our team. Come help us build the technology that will re-shape the security industry and leverage the masses to protect the masses.


What is the specific role’s key deliverables?

In this role you will work directly with customers to understand their needs. You will develop technical solutions that serve those needs. You will collaborate with a multitude of teams and disciplines and contribute to product strategies that enhance the security of our customers.

  • Quickly get up to speed on new 3rd party datasets and figure out how these are relevant in real-world attack scenarios, on their own or in combination with data from Microsoft’s own products and services.
  • Think creatively about novel analysis and investigative approaches, and use your technical skills to prototype those ideas on real data and show their value.
  • You will work directly with the Azure Sentinel team to bring these ideas to production.
  • Convey your understanding, threat expertise and security insights to customers.


Required Qualifications:

  • 5+ years as a Tier 3 analyst or similar role investigating security incidents across data types.
  • Understanding of Advanced Persistent Threat (APT) and associated tactics, targeted attacks, various credential compromise techniques, etc.
  • Familiarity with various attack and detection frameworks like MITRE/Diamond Model, etc.
  • Experience in generating new and innovative ideas to support investigation and hunting based on different data sets. Seeing these ideas through to implementation in a production system.
  • Passionate and having applied knowledge to uncover threats based on log data (Firewall/Event logs/AV logs/IDS, etc.)
  • Experience building a community and sharing blog posts, technical write-ups, articles etc.
  • Self-motivated and results-oriented, with excellent interpersonal and communication skills

Preferred Qualifications:

  • Familiarity with Microsoft Cloud Security technologies like ASC, WDATP, ATP, MCAS or O365.
  • Coding and scripting experience, particularly those related to security and data science like Python, Jupyter Notebooks, R, PowerShell, Common Query languages (SQL, DAX, PowerQuery).
  • Ability to automate repeatable security tasks through scripts and logic apps and share it with wider group.
  • Knowledge of common attacks and defense in Linux environments would be a plus.
  • Familiarity with developer environment tools like Github/Visualstudio/TFS to share code, track work. etc. would be a plus.

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.