Principal Threat Hunter - Hyderabad @ Microsoft

Responsibilities

• Lead a team of threat hunters as a technical expert with management responsibilities
• Explore large data sets to uncover novel attack techniques, monitor and catalog changes in activity group tradecraft, and generate custom alerts for enterprise customers.
• Work with customer support teams to support investigations during an enterprise s time of need.
• Collaborate with our data science and threat research teams to develop and maintain accurate and durable cloud-based detections.

• Inform the development of hunting tools and automations for use in the discovery of human adversaries.

Minimum requirements include:

• 3 + years of experience managing a team of security professionals, ideally with a Security Operations Center or Incident Response function
• 5 + years of experience in a technical role in the areas of Security Operations , T hreat I ntelligence, C yber I ncident R esponse , or Penetration Testing/Red Team

• Advanced experience using analysis tools (e.g. file/network/OS monitoring tools and/or debuggers)
• Advanced knowledge of Windows OS internals and security mechanisms
• Skilled working with extremely large data sets, using tools and scripting languages such as : Excel, SQL, Python, Splunk, and PowerBI

The following additional experiences are favorable, but not required:

• Technical B S degree preferred in Computer Science, Computer Engineering, Information Security, Mathematics, or Physics
• 1+ years of experience developing software or tools using C++, C # , Python, Ruby, or similar
• Experience with reverse engineering, digital forensics (DFIR) or incident response, or machine learning models
• Experience with system administration in a large enterprise environment including Windows and Linux servers and workstations , network administration, cloud administration
• Experience with offensive security including tools such as Metasploit, exploit development, Open Source Intelligence Gathering (OSINT), and designing ways to breach enterprise networks

• Experience with advanced persistent threats and human adversary compromises
• Additional advanced technical degrees or cyber security based certifications such as CISSP, OSCP, CEH, or GIAC certifications