RedmondRecruiter Since 2001
the smart solution for Redmond jobs

MSTIC TI Analyst

Company: Microsoft Corporation
Location: Redmond
Posted on: June 7, 2021

Job Description:

Effectively track two advanced threats and provide weekly updates and tactical protections against the two threats. Create context reports with updates semi-yearly.

Required Qualifications:

  • In-depth technical knowledge of adversary capabilities, infrastructure, and techniques that can be applied to define, develop, and implement the techniques both to discover and track the adversaries of today and identify the attacks of tomorrow.
  • Proven ability to build strategic relationships with key threat intelligence partners in government and industry.
  • Applied knowledge of adversary phases of operation, particularly how to work across the phases in order to uncover new intelligence.
  • 4+ years producing actionable threat intelligence on targeted and advanced persistent adversaries enabling network and host defenses in external organizations with demonstrable impact.
  • Tracked at least four distinct APT adversaries over a period of at least one year ascertaining and characterizing various TTPs, capabilities, infrastructure, and campaigns.
  • Must have applied knowledge across all critical elements and common data types used in threat intelligence analysis, including:
      • Malware used in targeted adversary campaigns
      • Host and log forensics including methods of data collection and analytic techniques
      • Network forensics including common protocols and how those are used in adversary operations.
  • Applied knowledge of a variety of adversary command and control methods and protocols.
  • 3+ years supporting incident response and deeply familiar with common incident response procedures, processes, and tools.
  • 6+ years of experience leading analysis by working with at least one of the following:
      • Analyzing network data across the various protocol layers and an applied understanding of a range of application/transport/network protocols
      • Analyzing sophisticated malware samples used in targeted attacks against large corporate or government entities
      • Analyzing host forensic and log data associated with advanced targeted adversaries
  • Demonstrated interpersonal skills (adaptability, inclusiveness, optimism, curiosity, empathy, courage, respect) which support the development of high functioning teams.
  • Demonstrated capability to coherently present potentially sensitive threat intelligence to a wide variety of audiences in public forums.


Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

Track threat activity daily on new overlaps with MS customers and products. Develop and push Nation State notifications. Create IOCs pushed to product for tactical protections. Work with Product Group for TTP detection deployment and product hardening. Create reports for customer consumption describing MS's knowledge of the threat.
