Come and be part of the team building one of Microsoft's most exciting security products, Windows Defender Advanced Threat Protection (WDATP). As cyber-attacks have become more sophisticated, WDATP helps enterprises detect, investigate, and respond to advanced attacks and data breaches on their networks. We are seeking a leader to help us grow our team of expert threat hunters to elevate customers' security operation center (SOC) efficiency and proficiency by providing the tailored context, actions, and support necessary to rapidly respond to an advanced adversary in their network. This team will leverage the billions of sensors surfaced via WDATP, cutting edge threat discovery research, and human expertise to ensure breaches do not go undetected and customers are supported in their hour of need. This leadership position requires deep domain knowledge in threat hunting, experience in security operations, and the capability to manage a globally distributed team of experts.
Responsibilities:
Hire and manage a team of talented threat hunters and security analysts, working closely with data scientists and other security researchers across WDATP
Plan and organize threat hunting at scale using WDATP's sensors and rich telemetry
Design effective processes to triage suspicious signals and security events, discover undetected incidents and human adversaries in action, and interact with affected customers to respond to the breach
Provide security expertise on demand to customers for questions related to on-going attacks, detections, and security incidents
Scale operations by building hunting
Required qualifications:
BS+ in Computer Science or Computer Engineering
Proven team leadership and people management capabilities via 3+ years of experience managing a team performing security monitoring operations
5+ years of experience in either forensics for multiple platforms, security incident response, or investigating and recovering from compromise
Excellent interpersonal skills and effective written/verbal communication skills, with experience presenting to C-level audiences
Good knowledge of the kill-chain model, the ATT&CK framework, and modern red team techniques
Preferred qualifications: