Security Researcher - Microsoft Defender for Endpoint

Security is a top priority for our customers in a world filled with digital threats and regulatory challenges. At Microsoft Security, we aim to make the world safer by providing end-to-end, simplified security solutions. Our mission is to secure digital platforms, devices, and clouds in diverse environments, while also protecting our internal systems. We embrace a growth mindset, inspire excellence, and encourage our teams to bring their best every day, creating innovations that impact billions of lives.

Join our team and help build Microsoft Defender for Endpoint (MDE), one of our most exciting security products. As cyber-attacks become more sophisticated, MDE helps enterprises detect, investigate, and automatically disrupt advanced attacks and data breaches. Our research team leverages deep knowledge of the attacker landscape to develop innovations that protect against even the most well-funded attackers.

We are seeking an experienced security researcher to join our Israeli research team. Your focus will be on detecting and disrupting sophisticated enterprise attacks. The role involves researching novel attack techniques, analyzing big data from our sensor network, identifying necessary optics for detecting malicious behavior, and crafting detection and protection logic to ensure compromises do not go undetected.

Our team values diversity and strives to hire individuals with varied experiences and perspectives. We understand that no candidate possesses every desired skill and experience, but together, we form a strong, effective team.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Responsibilities

• Conduct in-depth investigation and research of data across multiple endpoints and additional sources, to identify threats and sophisticated attack incidents.
• Keep up-to-date with latest trends in cyber attacks and create robust, sophisticated detection logics across the entire kill-chain.
• Collaborate with product management, security and engineering teams across the company to design innovative solutions and new disruption capabilities, and validate their effectiveness using a data-driven approach.
• Collaborate with data science teams to understand, identify and implement detection gaps, capabilities, assumptions, and improvements
• Demonstrate thought leadership, be able to engage and enlighten others through compelling meaningful content and informative sessions.
  
  

Qualifications

• You have B.Sc./M.Sc. degree in Computer Science or related technical discipline.
• You have at least 4+ years of hands-on experience in cybersecurity, with a strong understanding of the modern attacker kill-chain and MITRE ATT&CK, preferably in endpoint-based threat scenarios.
• You have Windows internals knowledge.
• You have a good knowledge in at least one programming language such as C# (preferred), Python, or C++.
• You have a good knowledge in at least one query language such as KQL, SQL, Cypher.
• You have an excellent cross-group, leadership and interpersonal skills.
• A growth-oriented and inclusive mindset, valuing diverse perspectives and continuous learning.
• Preferred: Experience in authoring of security research papers, blogs, or books. - Experience with Windows forensics and an understanding of key forensic artifacts, especially around lateral movement scenarios. - Experience with Cloud forensics, including identity attack artifacts and lateral movement techniques.
  
  

Qualifications - Other Requirements

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check:

• This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter.
  
  

#MSFTSecurity #MSFTSecurity

Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.