Sr Consultant CYBER, Intrusion Response Investigator
October 22, 2017
Do you have a passion for helping Microsoft’s clients defend themselves against targeted exploitation? Are you interested in being intimately involved in the latest, cutting-edge developments in the security industry, communicating with security industry leaders, and having a direct impact on the security of all Microsoft customers? Do you want to be on the front lines of helping our customers go toe-to-toe against advanced adversaries? If so, you might be a candidate for the Microsoft Enterprise Cybersecurity Group Incident Response Team. The team is looking for a strong, experienced intrusion response investigator / senior consultant to join our client-facing group that responds to cases of targeted exploitation at Microsoft customers worldwide.

Ideal candidates should possess some of the following skills:
• Practical, hands-on experience in investigating interactive computer network exploitation cases, especially in performing live response.
• Excellent understanding of Windows internals and where trace evidence can be found.
• Solid understanding of common exploitation tools, tactics and procedures. Familiarity with the APT and how malicious software persists on victim systems. Demonstrated ability to locate hidden malware and to create timelines.
• Exposure to the common forensic toolsets, such as FTK, EnCase, HBGary Responder Pro, Volatility, etc. and their application in incident response is a plus.
• Familiarity with enterprise computer network defense systems, such as NIDS, HIDS, SIEM/SEMs, web proxies, antivirus, and specialized-purpose security systems is necessary to assist clients during a response.
• Scripting experience and knowledge of the Microsoft Server stack is preferred.
If you are looking for a role that allows you to use your knowledge and passion to strengthen Microsoft's product defenses and keep customers informed and protected from emerging security threats, you may have a bright future with our Incident Response Team.

The successful candidate will have a BS in Computer Science / Engineering, or comparable experience in a related discipline with 5-7+ years of relevant work experience.
Travel is an integral part of this position as are high levels of recognition and visibility.

Short-notice travel will likely be as high as 50% or higher as is demanded by the needs of our customers and our business. Position location is flexible.

Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:

Citizenship Verification: This position requires verification of US Citizenship to meet federal government security requirements.
Microsoft is an equal opportunity employer.

All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to

A little about us:
Microsoft offers training and employment opportunities to help you turn your military experience and skills into a civilian technology career.
