SENIOR PROGRAM MANAGER
Reston, VA 20190
Microsoft Threat Intelligence Center (MSTIC), a part of Cloud & Enterprise, is looking for an innovative threat intelligence expert with proven technical leadership capability to help protect Microsoft and its customers against targeted attacks by identifying and tracking sophisticated adversaries.
The requirements of this role are twofold:
1. In-depth technical knowledge of adversary capabilities, infrastructure, and techniques that can be applied to define, develop, and implement the techniques both to discovery and track the adversaries of today and identify the attacks of tomorrow.
2. Proven ability to build strategic relationships with key threat intelligence partners in government and industry.
You will be persuasive in getting buy-in for your ideas both within the Microsoft Threat Intelligence Center and from key engineering groups across Microsoft, working in partnership with them to protect both Microsoft assets and Microsoft’s wider customer base through improved product and services offerings.
You will strengthen existing partnerships and build new ones with key organizations deliver benefit to Microsoft and its customers.
- 3+ years supporting incident response and deeply familiar with common incident response procedures, processes, and tools
- 6+ years of experience leading analysis by working with at least one of the following: (1) analyzing network data across the various protocol layers and an applied understanding of a range of application/transport/network protocols; or (2) analyzing sophisticated malware samples used in targeted attacks against large corporate or government entities; or (3) analyzing host forensic and log data associated with advanced targeted adversaries
- 3+ years software development experience with at least one of these languages: C, C++, C#, Python, or Java
- Applied knowledge in every feature of the Diamond Model (Adversary, Infrastructure, Capability, and Victim) and how those features interact during adversary operations – particularly how to pivot through the Diamond to uncover new intelligence.
- Applied knowledge of adversary phases of operation- particularly how to work across the phases in order to uncover new intelligence.
- +4 years producing actionable threat intelligence on targeted and advanced persistent adversaries enabling network and host defenses in external organizations with demonstrable impact.
- Tracked at least four distinct APT adversaries over a period of at least one year ascertaining and characterizing various TTPs, capabilities, infrastructure, and campaigns.
- Must have applied knowledge across all critical elements and common data types used in threat intelligence analysis, including: malware used in targeted adversary campaigns; and host and log forensics including methods of data collection and analytic techniques; and network forensics including common protocols and how those are used in adversary operations
- Applied knowledge of a variety of adversary command and control methods and protocols
- Demonstrated interpersonal skills (adaptability, inclusiveness, optimism, curiosity, empathy, courage, respect) which support the development of high functioning teams
- Demonstrated capability to coherently present potentially sensitive threat intelligence to a wide variety of audiences in public forums.
- +4 years working with a variety of external partners working on sensitive threat intelligence issues
Additional preferred skills:
- +2 years working with products and services to improve security for customers
- +3 years working with both strategic and tactical threat intelligence customers and evaluating their requirements
- +2 years of experience correlating across very large and diverse datasets (HDInsight / Hadoop)
- +2 years working with SQL-based databases
- +3 years of experience of development involving extraction/manipulation/summarization of network data.
- +3 years of experience working closely with threat intelligence analysts to understand their workflow and analytic problems and turning those into large-scale analytics
- +2 years of experience working within a diverse organization to gain support for your ideas
- Reverse-engineering & binary analysis.
- Windows internals – especially in the areas of event management and networking (sockets/RPC/named pipes…)
Must be a US citizen
Domestic and international travel will be required, estimated to be less than 30%.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, gender, sexual orientation, gender identity or expression, religion, national origin, marital status, age, disability, veteran status, genetic information, or any other protected status.
Microsoft Corporation (NASDAQ: MSFT) is an American public multinational corporation headquartered in Redmond, Washington, USA that…