Senior Security Operations Engineer - CTJ - TS/SCI
Microsoft
United States, Washington, Redmond
Oct 31, 2025
Overview

The Sovereign Security Foundation Team is looking for an individual that can be a technical leader within the security engineering team. We are looking for a Senior Security Operations Engineer who will help build and run the next generation of security services and tools for the organization.

The Sovereign Security Foundation Team is part of the larger Azure Silver Team and is responsible for raising the security standard across the Silver Team's infrastructure and application services to internal users in a secure environment. The Sovereign Security Foundation Team will focus on Service 360, Sentinel, Splunk, and correlating data with internal Azure teams.

The ideal candidate will have proficient technical and organizational experience, a passion for customer service, and the ability to quickly troubleshoot and resolve issues. The candidate must be self-motivated and able to prioritize work quickly and appropriately in an ambiguous environment.

Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
Responsibilities

- Assist internal teams and customers by identifying and recognizing data and patterns that may indicate potential security issues.
- Raises identified security concerns with lead members of the team to discuss mitigation strategy proposals.
- Analyzes dynamic datasets to help internal customers maintain an accurate view of owned assets exposed to the
- Identifies and raises opportunities for automation to improve efficiency and effectiveness. Creates automation as appropriate to drive greater efficiency with high value.
- Utilizing guidance and key operating procedures, analyzes specific aspects of attempted or successful efforts to compromise systems security. Escalates findings as appropriate within agreed response times. Develops ability to analyze independently and make recommendations.
- Identifies potential issues with detection (e.g., false positives, noise). Engages others to escalate appropriately. Creates detections based on available data (e.g., Indicators of Compromise [IOC] and Tools, Tactics, Procedures [TTP]). Continues to drive automation of detection and response.
- Executes tactical processes across the kill chain. Distinguishes effective from ineffective tactics and reports accordingly to inform security posture.
- Maps tactics to the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) matrix and assesses when targets pass and fail against known techniques.
- Identify emerging threats using the tools and data provided, identifying and addressing risks to prevent exploitation.
- Effectively convey information clearly and in a professional manner with technical and non-technical personnel.
- Works with internal and external parties as directed to push solutions to the environment to address specific threats.
- Own and contribute to initiatives that drive continuous improvement to the Sovereign Security Foundation operations and services.
- Perform regular security monitoring to identify any possible intrusions.
- Maintain and create system documentation.
- Deep understanding of system internals and/or hardening in the following: Windows, Linux or macOS operating systems.
- Keep up to date on emerging vulnerability, response, mitigation, and threat landscape trends and use this knowledge to drive proactive threat detection.
- Mentor and provide guidance to team members on detection and response best practices.
- Embody our Culture and Values.