Cyber Security Analyst II

About the job

Cyber Security Analyst II

Digital Security & Resilience

The mission of Microsoft Digital is to power, protect, and transform Microsoft as the voice of our digital transition in the market. As part of Microsoft’s Cloud + AI Group, we are responsible for building, managing, and securing the platform, products, processes, and services that powers Microsoft. We build, maintain, and implement a cloud-first approach to our technology and experiences, from custom-built business solutions developing our campus of the future and our productivity and collaboration experiences like Teams and SharePoint, to horizontal 3rd party solutions like SAP and Adobe. As a steward of Microsoft and our customer’s data, a core function of Microsoft Digital is ensuring the security of every aspect of the business. Microsoft Digital is responsible for company-wide information security and compliance, with a strategic focus on information protection, assessment, awareness, governance, and enterprise business continuity. Microsoft Digital’s charter is also to influence and work alongside engineers across the company and with strategic partners to build and grow their cloud products and services. As customer zero, we deploy these services inside Microsoft and then share best practices with enterprise customers at scale across the globe. We have exciting opportunities for you to innovate, influence, transform, inspire and grow within our organization and we encourage you to apply to learn more!

The Digital Security and Resilience (DSR) team is looking for a seasoned Security Engineer to work as a Cyber Security Analyst in the Cyber Defense Operations Center (CDOC) focusing on detection, investigation & response of threats against the Microsoft Enterprise. The candidate should be a highly motivated self-starter with attention to detail who can operate in a complex, dynamic environment. This work requires real-time problem solving, technical curiosity, excellent judgement, and strong communication skills. In this role you will have the opportunity to work on cybersecurity issues as part of a dynamic and high-impact team.

We use advanced security technologies, extensive automation, and procedures to protect, detect and respond to security threats in real-time. In addition to day-to-day responsibilities, you will inform security initiatives across the company. You will analyze, contain, and mitigate threats and escalations from multiple sources, both internal and external. You will be involved in the building and tuning of a wide variety of advanced security detections, conducting detailed and comprehensive investigations, and driving issues to closure. You will also contribute to developing innovative automation and orchestration solutions for detection and response. Finally, you will collaborate with security partners and Microsoft security product groups to improve our security posture.


Key responsibilities:

As a member of the DSRE SOC Investigations team your primary responsibilities would include:

  • Detect and respond to security incidents, advanced threats, actor techniques and anomalous or suspicious activity to identify potential and active risks to systems and data
  • Conduct detailed comprehensive analysis and investigation on a wide variety of security events and implement containment and mitigation processes
  • Keep up to date on emerging vulnerability, response, mitigation, threat landscape trends and use this knowledge to drive proactive threat monitoring
  • Work with security engineering teams to validate detection effectiveness using a data-driven approach ant to identify detection gaps and improvements
  • Mentor and provide guidance to junior team members in technical detection and response best practices
  • We handle active security events and respond to threats from a variety of sources, you will be required to participate in on-shift and on-call rotation


Basic Qualififcations:

  • 2+ years of demonstrated experience in either security operations or incident response
  • 2+ years of Deep and practical understanding of system internals and/or hardening in one or more of the following: Windows, Linux or macOS operating systems
  • Bachelor’s degree in Computer Science or Engineering, or a related fieldor equivalent alternative education, skills, and/or practical experience.

Preferred Qualifications

  • Experience correlating across very large and diverse data sets (Azure Sentinel, Azure Data Lake, Azure Data Explorer, Cosmos DB)
  • Skilled working with extremely large data sets to answer complex and ambiguous questions, using tools and languages like: SQL, KQL, Jupyter Notebook and Python.
  • Experience in analyzing a wide variety of network and host security logs to detect and resolve security issues
  • Understanding of common threat analysis model’s such as the Diamond Model, Cyber Kill Chain, and MITRE ATT&CK
  • Demonstrated knowledge of common/emerging attack techniques
  • Background in malware analysis
  • Experience working within a diverse organization to gain support for your ideas; Seeks to leverage work of others to increase effectiveness
  • Ability to effectively multi-task and prioritize in a fast-paced environment
  • Demonstrates maturity and leadership qualities when dealing with conflicting views and difficult conversations
  • Ability to work effectively in ambiguous situations and respond favorably to change
  • Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings:
    • Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter

The ideal candidate will have experience in a team environment, experience with security operations and technical depth in information security domains like authentication, incident response, security monitoring or threat intelligence. In addition, experience in development of security tools and automated investigations to support response operations is highly desirable.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.


  • Computer Hardware
  • Computer Software
  • Information Technology & Services

Employment Type


Job Functions

  • Information Technology

More Information

Apply for this job

Leave your thoughts

Share this job