Security Operations Engineer - SOC

Reading Full-Time 36000 - 60000 £ / year (est.) No home office possible

At a Glance

  • Tasks: Join us as a Security Operations Engineer to tackle complex security incidents and enhance our cybersecurity services.
  • Company: Be part of Microsoft, a leader in AI and supercomputing, shaping the future of technology.
  • Benefits: Enjoy remote work flexibility, industry-leading healthcare, educational resources, and generous time off.
  • Why this job: Make a real impact on global security while growing your skills in a collaborative and innovative environment.
  • Qualifications: Bachelor's degree or relevant experience in cybersecurity; certifications like GCIH or CSA are a plus.
  • Other info: This role can be performed remotely from anywhere in the UK.

The predicted salary is between 36000 - 60000 £ per year.

Our team sits at the heart of Microsoft’s AI & High Performance Computing business – shaping and delivering the next generation of supercomputing. As a Security Operations Engineer – SOC Analyst, you will help develop, operate, and maintain security services supporting the evolving needs of one of our largest and most significant customers.

As a Security Operations Engineer – SOC Tier 2 Analyst you support a managed security service for Microsoft working on a long-term cloud integration program. The Security Operations Engineer is responsible for executing a managed cyber security service and will make sure this meets customer contractual requirements and is targeting “goal” zero for all cybersecurity incidents. As a Tier 2 Analyst you will play a critical role in identifying, analysing, and mitigating complex security incidents and breaches within the organization's network and systems. You will work with a wide range of teams to ensure the overall safety and security of the environment and work closely with key stakeholders.

This role will allow you to develop your security and technical skills. You will have the opportunity to impact both Microsoft’s strategy and the world-wide mission of one of the largest and most forward-leaning customers. The customer’s scenarios will be lighthouses for their markets and present an opportunity for Azure and Microsoft to learn and grow, create transformative technology offerings, and advance competitive advantages. Our team values collaboration, craftsmanship, and continuous learning. As a member of the team, you will be able to shape and grow a positive and productive engineering culture.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Qualifications

Required Qualifications:

  • Bachelor’s Degree in Statistics, Mathematics, Computer Science or related field
    • OR Experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology.
  • Relevant certifications such as Certified Incident Handler (GCIH), Certified SOC Analyst (CSA), Certified Threat Intelligence Analyst (CTIA)
  • Relevant Microsoft certifications such as Azure Security Engineer Associate (AZ-500), Security Administrator Associate (MS-500), Identity and Access Administrator Associate (SC-300).
  • Proven experience in a SOC environment, preferably with a focus on Microsoft Defender suite and Microsoft Sentinel.

Other Qualifications:

  • Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:
    • Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud Background Check upon hire/transfer and every two years thereafter.

Preferred Qualifications:

  • Master’s Degree in Statistics, Mathematics, Computer Science
    • OR related field
    • OR Experience in software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection.
    • CISSP, CISA, CISM, SANS, GCIA, GCIH, OSCP, Security+
  • Experience reading and/or writing code (e.g., sample documentation, product demos).
  • In-depth knowledge of security operations center concepts, processes, technologies, tools (technical skills and hands-on experience with various security solutions such as SIEMs (e.g., IBM QRadar), SOARs (e.g., Microsoft Sentinel, Defender suite), XDRs (e.g., CrowdStrike Falcon), threat intelligence platforms (e.g., Recorded Future), vulnerability scanners (e.g., Qualys)), frameworks, standards, and regulations, and/or proficiency in Kusto Query Language (KQL).
  • Understanding of advanced cybersecurity concepts, threat landscape, and attack methodologies, and/or experience with the creation, configuration and use of Playbooks, Notebooks and Workbooks.
  • Demonstrated experience in conducting in-depth incident analysis, threat hunting, and forensic investigations.

Responsibilities

  • Incident Triage: Investigate and triage security alerts escalated from Tier 1 SOC analysts, determine severity and potential impact of the incident, and follow the triage process until closure.
  • Threat Analysis: Conduct in-depth analysis of security events to identify malicious activities, tactics, techniques, and procedures used by threat actors.
  • Security Incident Handling: Assisting with the containment, eradication, and recovery process in response to security incidents.
  • Vulnerability Assessment: Participating in vulnerability assessment and management activities to identify and remediate security weaknesses.
  • Security Tool Management: Managing and configuring security tools, specifically Microsoft Sentinel and the Microsoft Defender suite including Defender for Cloud and Microsoft 365 Defender.
  • Threat Intelligence: Utilizing threat intelligence feeds and sources to stay up-to-date with the latest threats and vulnerabilities.
  • Collaboration: Collaborating with other members of the SOC team, as well as external and internal stakeholders.
  • Continuous Improvement: Contributing to the improvement of SOC processes, procedures, and documentation, including the creation and upkeep of Analytics Rules, Playbooks/Notebooks/Workbooks within Microsoft Sentinel.
  • Leadership: Mentor SOC Tier 1 Analysts to improve detection/analytical capabilities within the SOC and monitor SOC Tier 1 Analyst performance.

NB this role can be performed remotely and from anywhere in the UK.

Security Operations Engineer - SOC employer: Microsoft Corporation

At Microsoft, we pride ourselves on being an exceptional employer, especially for the Security Operations Engineer - SOC role. Our inclusive work culture fosters collaboration and continuous learning, empowering employees to grow their technical skills while contributing to meaningful projects that shape the future of supercomputing. With industry-leading benefits, opportunities for professional development, and a commitment to employee well-being, working remotely from anywhere in the UK allows you to balance your career with your personal life seamlessly.
Contact Detail:

Microsoft Corporation Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Security Operations Engineer - SOC

✨Tip Number 1

Familiarize yourself with Microsoft Defender and Sentinel. Since the role emphasizes managing these tools, having hands-on experience or even personal projects showcasing your skills can set you apart.

✨Tip Number 2

Stay updated on the latest cybersecurity threats and trends. Being knowledgeable about current attack methodologies will not only help in interviews but also demonstrate your commitment to continuous learning.

✨Tip Number 3

Network with professionals in the cybersecurity field, especially those who work in SOC environments. Engaging with others can provide insights into the role and may lead to referrals.

✨Tip Number 4

Consider obtaining relevant certifications like GCIH or CSA if you haven't already. These credentials can enhance your profile and show your dedication to the field.

We think you need these skills to ace Security Operations Engineer - SOC

Incident Triage
Threat Analysis
Security Incident Handling
Vulnerability Assessment
Security Tool Management
Threat Intelligence
Collaboration
Continuous Improvement
Mentoring
Cybersecurity Concepts
Anomaly Detection
SIEM Proficiency
Microsoft Defender Suite
Microsoft Sentinel
Kusto Query Language (KQL)
Technical Writing
Problem-Solving Skills
Attention to Detail
Analytical Skills

Some tips for your application 🫡

Tailor Your CV: Make sure to customize your CV to highlight relevant experience in security operations, particularly focusing on your skills with Microsoft Defender and Sentinel. Emphasize any certifications you hold that are mentioned in the job description.

Craft a Strong Cover Letter: Write a cover letter that reflects your understanding of the role and the company’s mission. Discuss how your background in cybersecurity aligns with their needs and how you can contribute to their goals of achieving 'goal' zero for cybersecurity incidents.

Highlight Relevant Experience: In your application, clearly outline your experience in a SOC environment, including specific examples of incident handling, threat analysis, and collaboration with teams. Use metrics or outcomes where possible to demonstrate your impact.

Showcase Continuous Learning: Mention any ongoing education or training you are pursuing related to cybersecurity, such as additional certifications or courses. This aligns with the company's value of continuous learning and shows your commitment to professional growth.

How to prepare for a job interview at Microsoft Corporation

✨Understand the Role and Responsibilities

Make sure you have a clear understanding of the Security Operations Engineer role, especially the responsibilities related to incident triage, threat analysis, and security incident handling. Familiarize yourself with Microsoft Sentinel and the Defender suite, as these tools will be central to your work.

✨Showcase Your Technical Skills

Be prepared to discuss your experience with security operations center concepts, SIEMs, and threat intelligence platforms. Highlight any relevant certifications you hold, such as GCIH or CSA, and be ready to explain how you've applied your technical skills in real-world scenarios.

✨Demonstrate Collaboration and Communication Skills

Since this role involves working closely with various teams and stakeholders, emphasize your ability to collaborate effectively. Share examples of how you've worked in teams to resolve security incidents or improve processes, showcasing your communication skills.

✨Prepare for Behavioral Questions

Expect questions that assess your problem-solving abilities and how you handle stressful situations. Use the STAR method (Situation, Task, Action, Result) to structure your responses, particularly when discussing past experiences in incident response or vulnerability management.

Application deadline: 2027-03-13