Cyber Security Analyst II

Reston, VA

SOC / Threat Intel
Jul 2

Core Services Engineering builds and manages the critical products and services that Microsoft runs on. We boldly pursue big ideas that power transformational advances at Microsoft and for our customers, while helping Microsoft teams work smarter, faster, and more securely every day. Core Services Engineering employees have deep technical and business expertise, customer insights, and a clear point of view that comes from first-hand, large-scale experience with Microsoft and industry solutions. We are engineers, technology leaders and experts, digital transformation change agents, and customer advocates. We have exciting opportunities for you to innovate, influence, transform, inspire and grow within our organization and we encourage you to apply to learn more!

The Digital Security and Risk Engineering (DSRE) team is looking for a seasoned Security Engineer to work as a Cyber Security Analyst in the Cyber Defense Operations Center (CDOC), focusing on detection, investigation and response to threats against the Microsoft Enterprise. The candidate should be a highly motivated self-starter with attention to detail who can operate in a complex, dynamic environment. This work requires real-time problem solving, technical curiosity, excellent judgement, and strong communication skills.

In this role you will have the opportunity to work on cybersecurity issues as part of a dynamic and high-impact team. We use advanced security technologies, extensive automation, and procedures to protect, detect and respond to security threats in real time. In addition to day-to-day responsibilities, you will inform security initiatives across the company. You will analyze, contain, and mitigate threats and escalations from multiple sources, both internal and external. You will be involved in the building and tuning of a wide variety of advanced security detections, conducting detailed and comprehensive investigations, and driving issues to closure. You will also contribute to developing innovative automation and orchestration solutions for detection and response. Finally, you will collaborate with security partners and Microsoft security product groups to improve our security posture.


As a member of the DSRE SOC Investigations team, your primary responsibilities would include:

  • Detect and respond to advanced threats, actor techniques, anomalous or suspicious activity, combined with intelligence, to identify potential and active risks to systems and data
  • Conduct detailed comprehensive analysis and investigation on a wide variety of security events and implement containment and mitigation processes
  • Collaborate with internal security partners and threat intelligence teams to derive indications and warnings of impending threat
  • Use security business intelligence to drive prioritization and improvements within Microsoft security programs
  • Assist in the build, deploy, and tune process of scalable systems that automate security event detection, response, and repeatable tasks
  • Keep up to date on emerging vulnerability, response, mitigation, threat landscape trends and use this knowledge to drive proactive threat monitoring
  • Participate in creating innovative ways to use a wide range of security event data to advance detection methods
  • Work with security engineering teams to validate detection effectiveness using a data-driven approach and to identify detection gaps and improvements
  • Mentor and provide guidance to junior team members in technical detection and response best practices
  • Because we handle active security events and respond to threats from a variety of sources, you will be required to participate in shift and on-call rotations


Required Qualifications

  • 2+ years of hands-on experience in one or more of the following: security operations, threat detection and analysis, incident response, or secure network design
  • Deep understanding of system internals and hardening in one or more of the following: Windows, Linux, macOS operating systems
  • Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:
    • Citizenship Verification: This position requires verification of US Citizenship to meet federal government security requirements
    • Candidates must have an Active Top Secret clearance and be willing to upgrade to TS/SCI (with polygraph) or have an Active TS/SCI and be willing to upgrade to TS/SCI (with polygraph). This role will require candidates to maintain the TS/SCI (with polygraph) clearance.
    • Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter

Preferred Qualifications:

  • Experience correlating across very large and diverse datasets (Azure Data Lake, Azure Data Explorer, Cosmos DB)
  • Experience working with SQL-based databases, Kusto, Log Analytics
  • Experience in analyzing a wide variety of network and host security logs to detect and resolve security issues
  • Understanding of common threat analysis models such as the Diamond Model, Cyber Kill Chain, and MITRE ATT&CK
  • Demonstrated knowledge of common/emerging attack techniques
  • Background in malware analysis
  • Experience working within a diverse organization to gain support for your ideas; seeks to leverage the work of others to increase effectiveness
  • Ability to effectively multi-task and prioritize in a fast-paced environment
  • Demonstrates maturity and leadership qualities when dealing with conflicting views and difficult conversations

The ideal candidate will have experience in a team environment, experience with security operations, and technical depth in information security domains such as authentication, incident response, security monitoring or threat intelligence. In addition, experience in the development of security tools and automated investigations to support response operations is highly desirable.
