Cyber Security Analyst

Main Location
Redmond, WA, United States



Core Services Engineering builds and manages the critical products and services that Microsoft runs on. We boldly pursue big ideas that power transformational advances at Microsoft and for our customers, while helping Microsoft teams work smarter, faster and more securely every day. Core Services Engineering employees have deep technical and business expertise, customer insights, and a clear point of view that comes from first-hand, large-scale experience with Microsoft and industry solutions. We are engineers, technology leaders and experts, digital transformation change agents, and customer advocates. We have exciting opportunities for you to innovate, influence, transform, inspire and grow within our organization and we encourage you to apply to learn more!


The Digital Security and Risk Engineering (DSRE) team is looking for Security Professionals to work on a highly collaborative, dynamic and high-impact security team.  The Security Operations and Incident Response Team is looking for motivated and qualified individuals to perform outstanding work as a Cyber Security Analyst supporting the Microsoft corporate and specialized Government networks.


As a Cyber Security Analyst, you will have the opportunity, through advanced security technologies and extensive automation, to detect security threats, conduct detailed and comprehensive investigations, and drive issues to remediation and closure. You will have the opportunity to collaborate with teams across the company on technology and processes to improve automation, detection, and response, and to drive security efforts at the highest levels within the company. You will have the opportunity to contribute to developing innovative solutions for cyber defense that will protect the company and our global customers.


Key responsibilities:

  • Detect and respond to advanced threats, actor techniques, and anomalous or suspicious activity to identify potential and active risks to systems and data.
  • Conduct detailed, comprehensive investigation and triage on a wide variety of security events and implement response and remediation efforts.
  • Drive prioritization of significant security events across the operations center and incident response teams.
  • Keep up to date on emerging vulnerability and threat trends. Collaborate with internal security partners to derive indications and warnings of impending threat, and use this knowledge to drive proactive threat monitoring.
  • Participate in creating innovative ways to use a wide range of security event data to advance detection methods and product capability.
  • Develop and maintain operational playbooks that guide the security operation’s day-to-day activities.
  • Participate in shifts, on call rotation, and after-hours responsibilities and escalations in a 24x7 environment.

Knowledge, experience and skills required:

  • Bachelor’s degree in Computer Science or Engineering, or a related field, or equivalent alternative education, skills, and/or practical experience.
  • Working knowledge/understanding of TCP/IP or OSI network protocol stack and major protocols (TCP, UDP, ICMP, HTTP, SMTP, etc.)
  • 1+ years of hands-on experience in security operations or working with security logs to detect and resolve issues.
  • Working knowledge of security tools such as NIDS/NIPS, HIDS/HIPS, SIEM, SOAR, and security analysis tools.
  • Understanding of web and database technologies.
  • Able to perform shiftwork in a 24x7 operating environment.
  • Must have strong verbal and written communication skills; ability to communicate effectively with internal and external business partners as well as technical and non-technical staff.
  • Demonstrated enthusiasm for learning new things and ability to pick up new ideas quickly.
  • Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:
    • Citizenship Verification: This position requires verification of US Citizenship to meet federal government security requirements
    • Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter 

Preferred, not required:

  • Experience in analyzing a wide variety of network/host security logs to detect and resolve security issues
  • Experience with Cloud Computing and technology
  • Understanding of threat analysis models: Diamond Model, Cyber Kill Chain, and MITRE ATT&CK
  • Understanding of system events and host-level analysis of Windows, macOS, and Linux operating systems
  • Background in malware analysis
  • Experience with Python, Jupyter Notebooks, PowerShell, or R with RESTful APIs
  • Experience working within a diverse organization to gain support for your ideas; seeks to leverage the work of others to increase effectiveness
  • Ability to effectively multi-task and prioritize in a fast-paced environment
  • Demonstrates maturity and leadership qualities when dealing with conflicting views and difficult conversations
  • CISSP or related GIAC certifications

The ideal candidate will have experience in a team environment and experience in a Security Operations Center, Incident Response, or equivalent experience in enterprise-scale services and platforms, as well as experience in development of security tools and automation to support security operations and hunting. The candidate will possess technical depth in a highly dynamic, complex environment.


Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.  We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.


Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

Microsoft Corporation