
Senior Security Researcher
On site
Cheltenham, United Kingdom
Full Time
03-04-2025
Job Specifications
Overview
Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.
Do you want to join the Microsoft GHOST team as a Security Researcher?
Do you have a passion for helping Microsoft’s clients defend themselves against targeted exploitation? Are you interested in being intimately involved in the latest, cutting-edge developments in the security industry and having a direct impact on the security of all Microsoft customers? Do you want to be on the front lines of helping our customers go toe-to-toe against advanced adversaries? Are you interested in a fast-paced job full of new opportunities? If so, you might be a candidate for the Global Hunting, Oversight, and Strategic Triage team (GHOST).
We are looking for an experienced Security Researcher with a strong analytical background to join our team to perform threat hunts, assist with investigations, develop threat intelligence, and build investigation best practices into Microsoft tooling and products. Researchers will support a global team to identify and catalog new attacker TTPs and victims, and deliver customer notifications to protect worldwide enterprise customers and empower them to protect themselves through constantly improving Microsoft products.
Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.
Responsibilities
This role is part of a collaborative team, assisting our customers with:
Performing deep analysis of attacker activity in on-premises and cloud environments
Identifying potential threats, allowing for proactive defence before an actual incident
Notifying customers regarding imminent attacker activity
Providing recommendations to improve customers’ cybersecurity posture going forward and performing threat intelligence knowledge transfer to prepare customers to defend against today’s threat landscape
Building proof-of-concept and prototype threat hunting tools, automations, and new capabilities
Driving product and tooling improvements by conveying learnings from threat hunting and incident response at scale to engineering partner teams
Identifying, prioritizing, and targeting complex security issues that negatively impact customers; creating and driving adoption of relevant mitigations and providing proactive guidance
Working with others to synthesize research findings into recommendations for mitigating security issues, sharing them across teams, and driving change within the team based on those findings
Qualifications
A BS in Computer Science or Engineering or comparable experience in a related discipline, along with demonstrated expertise in the following areas:
Proven knowledge of security fundamentals across Microsoft platforms (Client, Server, Cloud)
Strong understanding of malware and the modern threat landscape, especially identity-based attacks
Detail-oriented, reliable problem-solver mentality
Excellent oral and written communication skills, including concisely communicating status and concisely, clearly, and comprehensively documenting findings
Robust critical thinking skills and willingness to learn new concepts and technologies
A desire to learn and grow, as well as a desire to help others do so
Familiarity and understanding of SQL or Kusto Query Language (KQL) queries (or experience with large database/SIEM query languages such as Splunk/Humio/Kibana, etc.)
Familiarity and understanding of Jupyter Notebooks, or building equivalent threat hunting automations with scripting languages
Experience with some of the following is a distinct advantage:
Consulting background
Active Directory subject matter expertise
Experience with sophisticated threat actor evidence including familiarity with typical Indicators of Compromise (IOCs), Indicators of Activity (IOAs) and Tools, Techniques and Procedures (TTPs)
Use of forensic analysis tools such as X-Ways Forensics®, WinHex®, EnCase®, FTK®, etc.
Microsoft Azure and/or Office365 platform knowledge and experience
Experience with various forensic log artifacts found in SIEM logs, web server logs, AV logs, protection logs such as HIDS and NIDS logs
Familiarity with the Microsoft Defender 365 security stack (for Endpoint, Identity, Cloud, etc.), especially with Advanced Hunting query writing
Excellent understanding of Windows internals and where trace evidence can be found
Knowledge of third-party cybersecurity solutions, especially EDR and SIEM solutions
Linux and/or macOS forensic analysis and threat hunting skills
Technical certifications based on domain (e.g., Azure, SharePoint)
Project Management certifications (e.g., PMP, Scrum)
Investigation/Cybersecurity/Digital Forensics/DFIR certifications (e.g. CISSP, SANS GIAC, etc.)
The successful candidate must have or be able to obtain Security Check (SC) or Developed Vetting (DV) clearance as issued by United Kingdom Security Vetting (UKSV). The ability to meet Microsoft, customer and/or government security screening requirements is required for this role.
If you are looking for a role that will allow you to use your knowledge and passion to strengthen the security posture of customers, you will have a bright future within Microsoft’s Global Hunting, Oversight, and Strategic Triage team.
#GHOST #MSFTSecurity #CISOOrg
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic...
About the Company
Microsoft Innovation Center provides students, customers and partners with a comprehensive set of programs and services. The goal of these centers is to foster innovation and growth in local software economies. MIC provides access to world-class resources for students, software developers, IT professionals, academic researchers and entrepreneurs. Primary areas of focus include: A. Building skills and intellectual capital through training courses, employment programs and mentoring experiences. B. Fostering industry partners...