Security Researcher II

Responsibilities

• Conduct in-depth research and analysis of emerging tactic, techniques and procedures (TTP’s) targeting M365 systems and ability to emulate attacks in controlled environment
• Design, implement and collaborate with internal teams emulating those attacks and build advanced detections to identify malicious activities within massive, distributed datasets.
• Collaborate closely with software engineers, machine learning specialists, and security analysts to build robust, scalable security solutions for M365 services.
• Develop automation tools, enrichments and processes to streamline research ideas, detection, and incident response workflows.
• Applying insights from penetration testing to develop detections and collaborating with peer teams to create automated tailored scenarios for evaluating detection performance.
• Ensure an optimal signal-to-noise ratio by performing regular analyses of hit ratios, conducting tuning checks to confirm that detections are effective, and minimizing unnecessary noise or false positives within the triage queue.
• Experience with detection metric dashboards and KPI’s used for any new research items and detection effectiveness.
• Use engineering best practices throughout the software development lifecycle to establish maintainable, reliable, and secure systems.
• Collaborate with teammates in various roles to plan and execute on key deliverables.

Qualifications

• 5 to 7 years of technical experience in cyber security research, including proficiency with tools such as SQL, KQL, Scala, Python, Jupyter Notebook, Spark, R, U-SQL, and Power BI. Experience automating repeatable security tasks through scripts or logic apps.
• Experience with security monitoring and response, including use of MITRE or other attack frameworks to identify and address gaps in detection capabilities. Knowledge of the detection response lifecycle and participation in on-call rotations. Skills in reverse-engineering attacks, analysing and prototyping detections to prevent and mitigate threats and abuse. Ability to analyse data flow within environments for detection and protection purposes.
• Practical experience applying knowledge to detect threats using log data from Cloud Service Provider (CSP) environments, such as Azure AAD, Azure Resources, event logs, and firewalls. Experienced in building and analysing new TTPs and creating detections.

• Bachelor's degree in related discipline such as computer security, computer science, computer engineering or information technology.
• Deep understanding of adversary and cyber intel frameworks such as kill-chain model, ATT&CK framework, Diamond Model and Advanced Persistent Threat (APT) performing Detection and research within Cloud environments.
• Deep and practical OS security/internals knowledge for Linux and Windows
• Hands-on experience building Azure-based services with Azure Resource Manager (ARM), ARM templates, ARM policy, IaaS, VMSS, KeyVault, EventHub, Azure Active Directory (AAD), etc.
• Hands-on experience with developer environment tools like Continuous Integration/Continuous Delivery (CI/CD), Azure DevOps, GitHub, and Agile Scrum
• Ability to work effectively in ambiguous situations and respond favourably to change.
• Self-motivated and comfortable working in a startup mode on a new team where there is lots of opportunity.
• Certifications like GCIA, GSLC, GCIH, CISM, CISSP, CEH, etc. are plus