
Senior AI Security Incident Responder

Microsoft
Full-time
Remote
United States
$117,200 - $250,200 USD yearly
Overview
Are you looking for an exciting opportunity to lead Microsoft's response efforts to protect over a billion customers around the world? Are you excited about cybersecurity and ready to join a passionate security response team dedicated to protecting customers from emerging cybersecurity threats? If so, this role may be your next opportunity. Microsoft Security Response Center (MSRC) is looking for motivated and experienced security professionals to join our growing team to coordinate Microsoft’s response to the most critical security issues facing our customers. When you read about hackers in the news, when the integrity of our products is at stake, or when a zero-day exploit is being used to attack customers, the MSRC incident response team works across Microsoft to rapidly defend Microsoft and its customers against these threats.
 
We are looking to hire a Senior AI Security Incident Responder to join our team.
 
Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

Qualifications
Required/Minimum Qualifications:
  • 5+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), and operations incident response
    • OR Bachelor's Degree in Statistics, Mathematics, Computer Science or related field.
  • 5+ years of experience in information security incident handling and/or security operations.
  • Experience triaging security vulnerabilities and driving product and/or service response.
Other requirements:
 
• Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud Background Check upon hire/transfer and every two years thereafter.
 
Preferred Qualifications:
  • Familiarity with AI models and how to prevent/detect/respond to security threats in AI/ML.
  • Working knowledge of common security concepts and protocols such as encryption, AuthN/AuthZ, PKI, modern authentication, and cloud app authorization architectures and protocols such as SAML or OAuth.
  • Expertise with Microsoft's line of security products: Microsoft Defender for Endpoint (MDE), Microsoft Defender for Office (MDO), Microsoft Defender for Identity (MDI), Microsoft Cloud App Security (MCAS), Azure Sentinel, Azure Security Center (ASC), etc.
  • Experience with big data and SIEM solutions such as ArcSight, Splunk, Elasticsearch, Logstash, Azure Data Explorer, Azure Log Analytics, Azure Data Lake, Azure Sentinel, etc.
  • Ability to work effectively in ambiguous situations and respond favorably to change
  • Comfortable working in a startup mode on a new team where there is lots of opportunity
  • Certifications like GCIA, GSLC, GCIH, CISM, CISSP, CEH, etc. are a plus.
  • 3+ years working in cyber security (Information Security, InfoSec, SecOps, Security Operations, SOC, CSOC, analyst, researcher, etc.) field.
  • Familiarity with security response against active adversaries.
  • Experience working with analytics software, like PowerBI, to answer and illustrate complex problems.
  • Skilled working with SOAR toolsets.
  • Experience working with automation tools such as Logic Apps, Power Automate, and PowerShell.
  • Demonstrated ability to understand and communicate technical details, both verbally and in writing, to varying levels of audiences that may include C-level executives.
  • Ability to work collaboratively with engineering teams to drive architectural changes that improve the stability and security of each environment.
  • Hands-on experience with Continuous Integration/Continuous Delivery (CI/CD), Azure DevOps and Agile Scrum.
  • Demonstrated success in dealing with ambiguity and problem definition under timeline constraints.
  • An ability to work well under pressure while maintaining professionalism.
  • Exposure to security related subjects and trends such as digital forensics, reverse engineering, penetration testing, and malware analysis.
  • Ability to meet on call responsibilities periodically to support 24x7 operations.
 
Security Operations Engineering IC4 - The typical base pay range for this role across the U.S. is USD $117,200 - $229,200 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $153,600 - $250,200 per year. 
 
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay 
 
Microsoft will accept applications for the role until August 2, 2024.
 

#Exchange #IncidentResponse #DFIR #DSR #MSFTSecurity #AI #AISecurity
Responsibilities
  • Perform cyber defense incident and/or vulnerability triage to determine scope, urgency, and potential risk impact.
  • Make high-stake decisions that enable expeditious remediation of risk to protect customers and Microsoft.
  • Track and document cyber defense incidents from initial escalation through final resolution.
  • Provide tactical security decisions and coordinate enterprise-wide cyber defenders to resolve incidents.
  • Send timely and clear executive updates explaining the risk to customers and Microsoft.
  • Advise and validate customer notifications and/or authoritative security guidance for customers.
  • Conduct incident analysis, produce reports, and briefs informing threat landscape trends and future investment areas to improve security.
 
Other: