Ender-IT

Microsoft Cybersecurity Infrastructure Engineer (Threat Actor)

Davie, FL, US

15 days ago

Summary

Microsoft Cybersecurity Infrastructure Engineer (Threat Actor Containment and Recovery)

Location: Davie, FL

Duration: 12 Months+


Job Description

This role will collaboratively support a global strategic objective to harmonize the end-to-end Microsoft lifecycle and environment spanning the enterprise.


Primary activities/responsibilities


  • Ability to contextualize and prioritize adversary containment and recovery efforts across multiple workstreams
  • Ability to quickly build and execute a recovery plan as a response to large-scale impactful incidents involving ransomware and destructive adversarial campaigns
  • Deploying forensic collection tooling across a wide range of complex environments
  • Identifying potential threats - allowing for proactive defense before an actual incident
  • Providing recommendations to improve cybersecurity posture going forward
  • Performing knowledge transfer to prepare customers to defend against today's threat landscape
  • Conducting regular audits on access and roles


Security threats are constantly evolving, and so is our team. To that end, this role will involve:


  • Researching, analyzing, and summarizing security threats and response capabilities, sharing across the team
  • Identifying, conducting, and supporting others in conducting research into critical security areas, such as current attacks, adversary tracking, and academic literature
  • Creating and documenting new solutions to mitigate security issues
  • Recommending prioritization and validation methods for technical indicators, developing tools to automate analyses


QUALIFICATIONS


Basic Qualifications

  • 5+ years of experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and anomaly detection
  • 3+ years of experience with Threat Actor containment during an incident, rapid recovery of critical infrastructure (primarily Active Directory rebuild and restoration), and eviction of a Threat Actor after an investigation
  • 3+ years of Active Directory and associated components (Kerberos, NTLM, Group Policy, Backup and Disaster Recovery, DNS, AD tiering models, gMSAs)
  • Proficiency in one or more query languages (KQL, SPL, SQL, etc.)


Preferred Qualifications

  • 6+ years of experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and anomaly detection
  • Experience in PowerShell and bash scripting
  • Experience with third-party security products, including but not limited to Splunk, CrowdStrike Falcon, QRadar, etc.
  • Experience with Microsoft Public Key Infrastructure (PKI) implementations (AD CS), Active Directory Federation Services (AD FS)
  • Understanding and working knowledge of the Linux and macOS platforms
  • Experience with two or more of Microsoft's portfolio of Artificial Intelligence (AI) products such as Security Copilot, Bing Copilot, GitHub Copilot, Office Copilot, and Windows Copilot
  • Understanding of DevOps concepts such as version control, infrastructure as code, CI/CD pipelines, frameworks, configuration management, and continuous monitoring
  • Experience managing virtualization platforms such as Hyper-V, VMware, etc.
  • Experience with IP network management, including routing, firewalls, access control lists, DHCP, packet analysis, and troubleshooting network traffic flow
  • Strong expertise in Microsoft Purview
  • Expertise in building data classification and labeling programs to support the organization’s data management and governance for the enterprise
  • Strong experience in data security and data governance
  • Familiarity with data posture management solutions to optimize data identification and data mapping
  • Strong understanding of the security E5 features that can be used to accelerate work effort
  • Strong understanding of domain security, hardening and best practices
  • Experience with Microsoft Azure cloud
  • Experience with AD Migration Tool (Quest)
