Microsoft
Security Analyst
Microsoft, United States, 5 days ago
Full-time, Information Technology
Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end-to-end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry are securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate.

The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry are securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world.

Microsoft Cyber Defense Operations is seeking a Security Analyst to join our team. In this role, you’ll collaborate with security experts across Microsoft to investigate threats, proactively hunt for compromise, enhance and automate processes, and contribute your expertise to initiatives that strengthen the security and scalability of our services. You’ll be part of a team focused on identifying emerging threats, coordinating large-scale responses, and driving investigations that protect our customers.

This is a unique opportunity to work in a high-impact environment where your contributions directly support the security of Microsoft’s cloud platform and online services. The Security Analyst will be passionate about strengthening defenses and protecting customers from evolving threats. If you’re driven by the mission to protect and innovate, this role offers continuous opportunities to learn and grow.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Responsibilities

  • Automation

Identifies and raises opportunities for automation to improve efficiency and effectiveness. Creates automation as appropriate to drive greater efficiency with high value.

  • Collaboration

With minimal guidance, works with internal and external parties to push solutions to the environment to address threats.

  • Customer/Partner Experience

Maintains standards for customer and partner experience. Responds appropriately to customer and partner issues and engages others as needed for resolution. Drives improvements. Identifies trends in customer and partner experience. Recommends improvements. Advocates for customer needs to drive optimal customer experience. Defines customer and partner requirements, anticipates needs, and measures quality of experience.

  • Data-Driven Analysis

Analyzes key metrics and key performance indicators (KPIs) and other data sources (e.g., bugs, unhealthy data pipeline) and identifies trends in security issues and escalates appropriately. Recommends improvements and/or metrics to address gaps in measurement. Leverages multiple sources of data in conducting and interpreting analysis. Evaluates data sets for anomalies and other patterns.

  • Identification and Detection of Control Failures

Proactively identifies and investigates potential issues in controls (e.g., network, identity, high security). Leverages expertise and team members to address and drive down issues accordingly. Identifies and/or recognizes patterns and recommends potential mitigation strategies. Finds opportunities to leverage and contribute to the internal Microsoft community.

  • Monitoring and Detection

Identifies potential issues with detection (e.g., false positives, noise). Engages others to escalate appropriately. Analyzes potential or actual intrusions identified as a result of monitoring activities. Creates detections based on available data (e.g., Indicators of Compromise [IOC] and Tools, Tactics, Procedures [TTP]). Continues to drive automation of detection and response.

  • Red/Purple Team Operations

Drives processes across the kill chain. Evaluates tactics for effectiveness and to inform security posture. Organizes and contributes to Red Team reports and issue tracking.

  • Security Incident Response

With minimal guidance, analyzes attempted or successful efforts to compromise systems security. Identifies potential next steps to resolve. Works with partner teams on recommendations to limit exposure. Implements appropriate response plans. Continues to develop ability to analyze independently and make recommendations. Influences others to take action.

  • Threat Intelligence and Analysis

Identifies potential threats based on external trends and recommends prioritization for defense-building capabilities.

  • Translate Security Policy and Standards into Effective Controls

Implements security policy and standards for the service. Escalates issues and recommends mitigations accordingly. Identifies gaps in security policy and administration and recommends mitigation strategies. Engages with other teams to drive consistency and awareness of security policies and standards. Educates others (e.g., business partners, peers) on security policy.

  • Embody our culture and values

Qualifications

Required Qualifications

  • Bachelor's Degree in Statistics, Mathematics, Computer Science or related field OR 3+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), and operations incident response.
  • 3+ years of experience working with large-scale cloud environments (Azure or similar)
  • 3+ years of experience in performing Digital Forensics and Incident Response (DFIR)

Other Requirements

Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:

  • Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Preferred Qualifications

  • 7+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection OR Master's Degree or Doctorate in Statistics, Mathematics, Computer Science or related field.
  • Active certification in digital forensics or pen testing such as: GCIA, GREM, GCFE, GCFA, OSCP

Security Operations Engineering IC3 - The typical base pay range for this role across the U.S. is USD $100,600 - $199,000 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $131,400 - $215,400 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

Microsoft will accept applications for the role until October 9, 2025.

#CISOOrg #MSFTSecurity

Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.
