Come and be part of the team building one of Microsoft's most exciting security products, Windows Defender Advanced Threat Protection (WDATP). As cyber-attacks have become more sophisticated, WDATP helps enterprises detect, investigate, and respond to advanced attacks and data breaches on their networks. From detecting nation state actors to patient zero ransomware infections, our research team brings deep knowledge of the attacker landscape and tradecraft to create the innovations necessary to uncover even the most well-funded attacker. We are seeking a strong engineer experienced in Windows development in C/C++ as well as C#, ideally with an interest in security. Your role will be to improve our OS sensor and deliver end-to-end detection logic in the cloud via our Detection Platform. OS sensor work requires the ability to dig into the Windows kernel and services and modify existing code, as well as develop new features for our kernel driver and user-mode service. Our detection Platform
Perform security research and partner with Research peers to understand attacker techniques and the available telemetry to enable detection via heuristic rules Add or improve security telemetry generated by the operating system kernel or user-mode services (using C/C++) Leverage the security telemetry in the cloud to implement detection rules in C# Validate detection effectiveness using a data-driven approach Maintain deployed detection rules as needed (reduce false positives) Work with Data Science peers to apply novel machine-learning or statistical detection strategies, taking proof-of-concept
Required qualifications: 5+ years of software developer experience. BA in Computer Science degree or other related disciplines. 3+ years of software developer experience with C/C++ and C# on Windows Preferred qualifications: Knowledge of Windows/NT internals Windows debugger tools experience (user / kernel-mode) Kernel-mode development experience on Windows Experience in cyber security or cyber defense #WDATPRED