Job Details

ID #21485791
State Washington
City Redmond
Full-time
Salary USD TBD TBD
Source Microsoft Corporation
Showed 2021-10-21
Date 2021-10-21
Deadline 2021-12-19
Category Et cetera

Principal Cybersecurity Forensics Analyst

Washington, Redmond, 98052 Redmond USA

Vacancy expired!

Principal Incident Response Forensics Analyst

Digital Security & Resilience

The mission of Microsoft Digital is to power, protect, and transform Microsoft as the voice of our digital transition in the market. As part of Microsoft’s Cloud + AI Group, we are responsible for building, managing, and securing the platform, products, processes, and services that power Microsoft. We build, maintain, and implement a cloud-first approach to our technology and experiences, from custom-built business solutions developing our campus of the future and our productivity and collaboration experiences like Teams and SharePoint, to horizontal 3rd party solutions like SAP and Adobe.

As a steward of Microsoft and our customer’s data, a core function of Microsoft Digital is ensuring the security of every aspect of the business. Microsoft Digital is responsible for company-wide information security and compliance, with a strategic focus on information protection, assessment, awareness, governance, and enterprise business continuity. Microsoft Digital’s charter is also to influence and work alongside engineers across the company and with strategic partners to build and grow their cloud products and services. As customer zero, we deploy these services inside Microsoft and then share best practices with enterprise customers at scale across the globe. We have exciting opportunities for you to innovate, influence, transform, inspire and grow within our organization and we encourage you to apply to learn more!

Microsoft is seeking an experienced Incident Response Forensics Analyst to join the Digital Security & Resilience (DSR) Team. As part of this highly collaborative and dynamic organization, you will have the opportunity to work with top talent, some of the newest technologies, and influence security best practices at Microsoft.

In the role of Incident Response Forensics Analyst, you will work in partnership with other security, incident, and crisis teams across the enterprise. This work requires real-time problem solving, response investigation and point-in-time cybersecurity forensics assessments, to determine attacker activity on enterprise systems. You will perform forensics analysis, document findings, provide recommendations, develop playbooks, provide timelines, and deliver updates and other communications to a wide range of stakeholders and executives on ongoing incidents and investigations.

Preferred work locations:

Redmond, Washington

Reston, Virginia

Responsibilities

Key responsibilities:

Triage events, escalations, and incidents to determine remediation and resolution actions.

Perform forensics analysis, document findings, preserve artifacts following approved chain of custody processes for evidence collection and preservation.

Provide recommendations to improve cybersecurity posture going forward based on post incident repair items.

Identify and remediate potential threats.

Communicate status, results, and summaries of security incidents to management.

Qualifications

Knowledge, experience and skills required:

4+ years of incident response and cybersecurity forensics experience.

3+ years of demonstrated experience in computer security-related disciplines, including but not limited to the following subject areas: software vulnerabilities and exploitation, host forensics, malware analysis, network traffic analysis, Insider Threat, and web-focused security topics.

Knowledge about modern security-related subjects and trends, for example, Advanced Persistent Threat (APT), Spear Phishing, and credential compromise techniques.

Experience with APT actor group evidence including familiarity with Indicators of Compromise (IOCs), Indicators of Activity (IOAs) and attack Tools, Techniques and Procedures (TTPs).

3+ years of experience using computer forensic analysis tools.

Preferred, not required:

Knowledge of a cloud computing environment such as Microsoft Azure would be an advantage.

Security Operations Center (SOC) experience

Related certifications e.g., GIAC certifications

The ideal candidate will have experience in a highly collaborative team environment, Security Operations Center or equivalent experience in enterprise-scale services and platforms, technical depth in a highly dynamic, complex environment.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form (https://careers.microsoft.com/us/en/accommodationrequest).

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

#DSR
