Security Analyst – Security Service Line

Do you have a passion for helping Microsoft’s clients defend themselves against targeted exploitation? Are you interested in being intimately involved in the latest, cutting-edge developments in the security industry and having a direct impact on the security of all Microsoft customers? Do you want to be on the front lines of helping our customers go toe-to-toe against advanced adversaries? Are you interested in a fast-paced job full of new opportunities? If so, you might be a candidate for the Microsoft Detection and Response Team (DART) within our Security Service Line (SSL) organization. The team is looking for strong, experienced Incident Response Analysts to join the team investigating advanced cyber-attacks for our worldwide commercial and public-sector enterprise customers as part of our end-to-end security service line.

Microsoft is on a mission to empower every person and every organization on the planet to achieve more. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. You can help us achieve our mission.

Industry Solutions helps Microsoft customers around the world get the best outcomes from their investments in the latest Microsoft cloud technologies. We focus on empowering customers on their digital journey, from envisioning new possibilities to delivering solutions that result in targeted business outcomes and a great customer experience.

Responsibilities:

Monitor customers via the Microsoft Security Stack and provide advanced detection and response services through security event analysis and review
Perform live response data collection and analysis on files of interest
Perform triage and collect data on relevant events
Determine and validate findings and conclusions
Perform incident response and basic malware analysis to investigate incidents
Help navigate the customer from incident response triage into the incident response process if findings are substantiated
Resolve false positives and communicate effectively with other stakeholders
Maintain current knowledge of tools and best practices in forensics and incident response and an understanding of advanced persistent threats, including the tactics, techniques, and procedures of attackers
Collaborate with other Microsoft incident responders, security intelligence groups, and product groups to provide feedback on detection gaps and features to improve customer security posture.

If you are looking for a role that will allow you to use your knowledge and passion to strengthen the security posture of customers, you will have a bright future within Microsoft’s Detection and Response Team (DART).



On-call work will likely be required, as demanded by the needs of our customers and our business. Position location is flexible.
Embody our culture and values


Required Qualifications:

Bachelor's Degree in Computer Science, Engineering, or a comparable field and 5+ years’ experience in the security field, or equivalent experience

Preferred Qualifications:

Experience with incident response management and case triage
Experience with reviewing and analyzing data logs from various security platforms, Microsoft Security Stack preferred (Defender for Endpoint, Defender for Identity, Sentinel)
Excellent understanding of Windows internals and where trace evidence can be found
Understanding of forensic artifacts
Experience with the following is highly preferred:
Active Directory
Incident Response or other relevant security analyst experience
APT actor group evidence handling
Familiarity with Indicators of Compromise (IOCs), Indicators of Activity (IOAs), and attacker Tactics, Techniques, and Procedures (TTPs)
Familiarity and understanding of basic SQL or KQL queries
Microsoft Azure and/or Office 365 platform knowledge and experience
Understanding of technology and security principles and knowledge of the cyber threat landscape
Experience navigating and working with a case management system
Melbourne, VIC, AU