The Threat Hunter and triaging team performs specific tasks driven by tools and reports developed by the Microsoft Defender Advanced Threat Protection (MDATP) Research team within Security and Compliance, to help evaluate the performance of detection rules that protect Microsoft customers from malware and advanced attacks.
Additionally, drives investigations into missed detections, while helping to enable partner teams to develop contextual reports about incidents observed for customers. This includes providing labeling and/or grading support for determining the accuracy of complex rules and detections which may drive process improvements into tooling, reporting, or collateral.
Further, assists the data sciences, response, threat intelligence, and product feature teams in determining criteria for making accurate decisions, improving detection capabilities, and clearly communicating to customers.
May also perform duties dedicated to documenting trends and incidents and validating issues with tools or supporting services. The complete process includes working with many partners, including MDATP management, data scientists, reverse engineers, threat intelligence analysts and developers, and cross-group partners as needed.
Human intelligence in the system is needed to make the call on a day-to-day basis regarding unusual patterns or situations, as well as to drive innovations in automation technologies.
Ensures the Threat Hunters team meets Microsoft, customer and/or government security screening requirements. These requirements include specialized security screenings: CJIS.
Citizenship & Citizenship Verification: This position requires verification of U.S. citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, citizenship will be verified via a valid passport. The successful candidate must have an active U.S. Government CJIS Security clearance.