Principal Security Research Manager

The mission of Microsoft Security Response Center (MSRC) is to enable Microsoft to build the most trusted devices and services, while keeping our company safe and our data protected. As part of the Microsoft Security organization, and a steward of Microsoft and our customer's data, a core function of MSRC is ensuring the security of every aspect of the business. MSRC is responsible for company-wide information security and compliance, with a strategic focus on information protection, assessment, awareness, governance, and enterprise business continuity. As customer zero, we deploy and secure these services inside Microsoft and then share best practices with enterprise customers at scale across the globe. We have exciting opportunities for you to innovate, influence, transform, inspire and grow within our organization and we encourage you to apply to learn more!

Do you want to join the Microsoft GHOST team as a Senior Security Researcher?
Do you have an interest in helping Microsoft's clients defend themselves against targeted exploitation? Are you interested in being intimately involved in the latest, cutting edge developments in the security industry and having a direct impact on the security of all Microsoft customers? Do you want to be on the front lines of helping our customers go toe-to-toe against advanced adversaries? Are you interested in a fast-paced job full of new opportunities? If so, you might be a candidate for the Global Hunting, Oversight, and Strategic Triage team (GHOST).

We are looking for an experienced Principal Security Research Manager with required analytical background to join our team to lead threat hunts, investigations, oversee developing threat intelligence, and to cultivate investigation best practices into Microsoft tooling and products. . Research Managers will support a global team to identify and catalog new attacker Tools, Techniques and Procedures (TTPs), victims, and deliver customer notifications to protect worldwide enterprise customers and empower customers to protect themselves via constantly improving Microsoft products.

Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.

Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Embody our Culture and Values

Qualifications

Required Qualifications:

• 8+ years experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection
  
  • OR Doctorate in Statistics, Mathematics, Computer Science or related field.
• 3+ years people management experience.

Other Requirements:

• Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Preferred Qualifications:

• 9+ years experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection
  
  • OR Doctorate in Statistics, Mathematics, Computer Science or related field
• 5+ years people management experience.
• Investigation/Cybersecurity/Digital Forensics/DFIR (Digital Forensic Incident Response) certifications (e.g. Certified Information Systems Security Professional (CISSP), SysAdmin, Audit, Network and Security (SANS), Global Information Assurance Certification (GIAC) etc.)
• Technical certifications based on domain (e.g., Azure, SharePoint)
• Experience with Active Directory and/or cloud identity.
• Experience with sophisticated threat actor evidence including familiarity with typical Indicators of Compromise (IOCs), Indicators of Activity (IOAs) and Tools, Techniques and Procedures (TTPs)
• Use of forensic analysis tools such as X-Ways Forensics , WinHex , Encase , FTK , etc. Microsoft Azure and/or Office365 platform knowledge and experience
• Experience with various forensic log artifacts found in Security Informationa and Event Management (SIEM) logs, web server logs, Antivirus (AV) logs, protection logs such as Host-based Intrusion Detection Systerm (HIDS) and Network Intrusion Detection System (NIDS) logs
• Familiarity with Microsoft Defender 365 security stack (for Endpoints, Identity, Cloud, etc), especially with Advanced Hunting query writing
• Understanding of Windows and Azure internals and where trace evidence can be found
• Knowledge of third-party cybersecurity solutions, especially Extended Detection and Response (EDR) and Security Information and Event Management (SIEM) solutions
• Experience working with consulting companies is a plus.
• Linux and/or macOS forensic analysis and threat hunting skills

Security Research M6 - The typical base pay range for this role across the U.S. is USD $161,600 - $286,200 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $209,600 - $314,400 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:

Microsoft will accept applications for the role until November 3, 2024

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form .

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

#GHOST #MSFTSecurity #MSRC #SHPE24MSFT #SWE24

Responsibilities

This role is part of a collaborative team, assisting our customers with:

• Providing direction to teams to ensure efforts are dedicated to prioritized Security Research efforts in multiple projects in different security areas. Overseeing teams researching highest priority security issues and to fully investigate cause, motivation, and impact.
• Advocating for follow through with senior leadership. Ensures feedback loops are active and inform future research efforts
• Ensuring work of the team upholds standards of analysis and design. Recognizing and conveying the impact of security problems and threats.
• Providing thought leadership across teams and creates mechanisms for best practice sharing and strategic impact of insights generated by analyses. Driving Microsoft to be a visible leader in security expertise.
• Driving teams to use results from research and experimentation to drive architecture or product direction. Prioritizing efforts to further develop knowledge areas needed to drive direction in the industry.
• Collaborating with leaders of other engineering teams to identify and propose potential business opportunities, services, and/or product offerings.
• Leveraging technical expertise to anticipate and identify trend changes and adapt work accordingly. Making business recommendations, such as cost-benefit, invest-divest, forecasting, and impact analysis with effective presentations of findings.

If you are looking for a role that will allow you to use your knowledge and experience to strengthen the security posture of customers, you will have a bright future within our Microsoft's Global Hunting Oversight and Strategic Triage team.