The Windows Defender ATP Research Team is looking for threat hunters. No matter how sophisticated attacker behaviors become, WDATP will help enterprises detect, investigate, and respond to advanced attacks and data breaches on their networks. Our research team uses deep knowledge of the attacker landscape and rich telemetry from our sensors to perform root-cause analysis and generate custom alerts, ensuring that WDATP customers are well equipped to quickly respond to human adversaries identified in their unique environments.
Ensuring that no human adversary can operate silently begins with experts harnessing the powerful optics provided by WDATP, across the attacker kill-chain, coupled with world-class detections. We’re looking for a skilled hunter to harness the power of _Microsoft’s intelligent security graph_ to quickly identify and report the latest human adversary behaviors, drive critical context-rich alerts, build new tools and automations in support of hunting objectives, and drive innovations for detecting advanced attacker tradecraft .
+ Explore large data sets to uncover novel attack techniques, monitor and catalog changes in activity group tradecraft, and generate custom alerts for enterprise customers.
+ Work with customer support teams to support investigations during an enterprise’s time of need.
+ Collaborate with our data science and threat research teams to develop and maintain accurate and durable cloud-based detections.
+ Build hunting tools and automations for use in the discovery of human adversaries.
Minimum requirements include:
+ 5+ years of experience in cyber-security, cyber-defense, threat intelligence, or cyber incident response.
+ 3 year of experience in developing software or tools using C, C++, or C#.
+ Basic experience using analysis tools (e.g. file/network/OS monitoring tools and/or debuggers)
+ Skilled working with extremely large data sets, using tools and scripting languages like: Excel, SQL, Python, Splunk, and PowerBI.
+ Excellent cross-group and interpersonal skills, with the ability to articulate business need for detection improvements.
+ Strong ability to use data to ‘tell a story’.
The following additional experiences are favorable, but not required:
+ Technical BA degree preferred.
+ Experience with reverse engineering, digital forensics (DFIR) or incident response, or machine learning models.
+ Experience with advanced persistent threats and human adversary compromises.
+ Additional advanced technical degrees or cyber security based certifications.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.