Security Operations Engineer

Microsoft runs on trust, and our trusted cloud was built on the foundational principles of security, privacy, compliance, and transparency.  We’re looking for people to help us keep that promise every day.  Do you have a passion for security and excitement about impacting some of the largest and most complex security challenges Microsoft is involved with?  Do you want to help us protect Microsoft customers and their data from adversaries? We are looking for a Security Operations Engineer to help protect our customers and services from those who try to abuse and misuse our services.  In this role, you will leverage a mix of data analytics, engineering skills, on-line services experience, and collaboration skills to help create automated detection and response systems to protect our cloud services from those who try to abuse them.   

As a Security Operations Engineer for the Microsoft Centralized Fraud Abuse Risk team (CFAR), you will work closely with other cloud and security experts across Microsoft to investigate abuse of our platform and services.  You will also work with data science team members to apply big data analytic skills to proactively identify attack patterns and automate our detection and response capabilities. You will work to understand how adversaries misuse and abuse our platform and disrupt their activities.  We work in a DevOps model within the security business, so we are looking for someone who has a passion for applying data analytics to scale to millions of users, hosts, and operations. Working as a part of the Centralized Fraud Abuse Risk team (CFAR), you will work to solve issues related to the latest fraud and abuse trends and early warning indicators, as well as help design solutions for emerging threats. CFAR is a fast-paced team that constantly provides new opportunities to learn and grow.  

This is a unique opportunity within Microsoft to work in a dynamic team, taking on complex challenges in the business.  Come and bring your technical data analytics acumen, collaboration, and automation skills to help protect our customers!

This role will require you to be onsite in Redmond a minimum of 2 days per week.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Responsibilities

Core Responsibilities:

• Perform investigation on suspected compromised assets and services and analyze log data and other artifacts to determine what occurred. 

• Apply big data analytics to identify how to detect adversary attacks and work closely with data science and engineering teams to implement detections at scale. 

• Participate in and contribute to:
  • Cyber threat intelligence sharing forums and platforms
  • Organizing and curating threat intelligence
  • Forming macroscopic perspective on adversaries, actors, and campaigns

• Partner with other teams across Microsoft to ideate, implement, and evolve systems and features to combat fraud. 

Other

• Embody our Culture and Values

Qualifications

Required Qualifications:

• 3+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), and operations incident response  

• OR Bachelor's Degree in Statistics, Mathematics, Computer Science or related field.  

• 2+ years of experience in anti-abuse/anti-fraud/anti-cybercrime space OR in a field that has transferrable hands-on technical skills such as: cyber security threat intelligence, security research, etc. 

• 3+ years of experience in applying big data analytics techniques to solve security problems. 

Other Requirements:

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: 

• Microsoft Cloud Background Check. This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter
• Citizenship & Citizenship Verification: This position requires verification of citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, and as a condition of employment, the successful candidate’s citizenship will be verified with a valid passport.
• Controlled Technology: This role will require access to information that is controlled for export under export control regulations, potentially under the U.S. International Traffic in Arms Regulations or Export Administration Regulations, the EU Dual Use Regulation, and/or other export control regulations. As a condition of employment, the successful candidate will be required to provide proof of citizenship, U.S. permanent residency, or other protected status (e.g., under 8 U.S.C. § 1324b(a)(3)) for assessment of eligibility to access the export-controlled information.  To meet this legal requirement, and as a condition of employment, the successful candidate’s citizenship will be verified with a valid passport. Lawful permanent residents, refugees, and asylees may verify status using other documents, where applicable. 

Preferred Qualifications:  

• 5+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection  
  • OR Master's Degree in Statistics, Mathematics, Computer Science or related field.  

• CISSP, CISA, CISM, SANS, GCIA, GCIH, OSCP, and/or Security+ certification.  

• Experience working in large scale cloud products: Azure, Microsoft 365, or similar competitive products in the industry. 

• Exposure to security-related subjects and trends such as digital forensics, reverse engineering, penetration testing, and malware analysis. 

• Prior experience working with large data sets analytics to answer complex and ambiguous questions using tools and languages like: SQL, KQL/Azure Data Explorer, Jupyter Notebook, Spark, R, U-SQL, Azure Synapse, Azure Machine Learning, Azure Data Lake, Python, or PowerBI. 

• Experience in creating and improving process automation and tools/systems/API integration using Python or PowerShell. 

Security Operations Engineering IC3 - The typical base pay range for this role across the U.S. is USD $98,300 - $193,200 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $127,200 - $208,800 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

Microsoft will accept applications for the role until May 5, 2025. 

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.  We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

#MSFTSecurity #CFARJobs #SecurityJobs #Abuse #Fraud