Security Researcher
Job Title – Microsoft Security Researcher
Cyber security is pretty much at the heart of everything that Microsoft does in today’s world, in part from a practical point of view and in part from a reputational point of view.
All elements of their systems and their customers systems are potentially at risk from the threat of a cyber attack, and there needs to be constant research and monitoring of all types of threats in an ever-changing world, and how best to protect everyone from them.
Description / Responsibilities
The job title of a Microsoft Security Researcher is quite a broad one, and will either be covering general research or may specify a particular area of risk such as email systems or cloud computing.
In any event, their job will be to deepen the understanding of the type of threat that is likely to affect their area of work.
This can include the different types of techniques that cyber criminals use, and an understanding of how this landscape changes and what emerging trends and patterns are coming through.
This sense of understanding emerging trends is really important and will involve research and liaising with many other companies and threat analysts.
The job will normally involve developing systems to monitor emerging threats and the best ways of dealing with them.
This can be based on both past experience, and what experts within the industry believe is either happening or likely to happen in the near and long-term future.
The job of a Microsoft Security Researcher is also likely to involve developing and maintaining and incident response plan or plans covering either their particular sector of work or the company as a whole.
Incident response plans are a key element of any cyber security operations work.
They need to be thoroughly thought out, with clear descriptions of what needs doing in the event of an attack and by whom. The plan that needs to list specific responsibilities and action plan points as to how to implement them.
Individuals involved in the plan need to be involved in the preparation of the plan as well, and need to be involved in testing the plan at different intervals to make sure it is clear and effective.
The incident response plan as well as other information will need to be continually reported to other members of the team, and also to other Microsoft employees who may be directly or indirectly affected by it
Microsoft Security Researcher Qualifications / Experience
As with many jobs in cyber security that is often a mix of experience and qualifications and the job requirements may specify both.
With all security work, an understanding of the cycle of software development is important, as well as practical experience in modelling and cyber security. A bachelor’s degree is often required or preferred normally a subject such as computer science, statistics or mathematics.
Experience of being involved in an incident response team and plan is normally a requirement. This is such a crucial area of cyber security that being able to demonstrate expertise in this area is normally a core requisite.
Ideally this experience will be gained as part of a Cyber Security Operations Center Team, with a thorough understanding of how the security objectives of a company are formed and implemented.
Preferred qualifications often include an ability to code in a number of computer languages such as C, Java, Python etc.
Salary / Benefits
Online job sites estimate the salary for this type of position is between $75,000 and $150,000, depending upon location and level of Security Researcher applicant.
Microsoft do have quite a detailed benefits package, which also specifies in a general way how they are determined by the role of different jobs at Microsoft.
Vetting
Aside from normal background checks, given the sensitivity of the role Microsoft may do more detailed background checks, both at time of hiring and specified periods thereafter, quite often every 2/3 years.