Koho hledáme
- Experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection; OR Master’s Degree in Statistics, Mathematics, Computer Science, or related field.
- Experience in a technical role in Security Operations, Threat Intelligence, Cyber Incident Response, or Penetration Testing/Red Team.
- Working with extremely large data sets using tools and scripting languages such as Excel, KQL, Python, Splunk, and Power BI.
- Ability to meet Microsoft, customer, and/or government security screening requirements, including the Microsoft Cloud Background Check upon hire/transfer and every two years thereafter.
- Ability to work from the Prague office at least three (3) days per week.
- Ability to support weekend, holiday, and non-standard business-hour coverage where legally allowed and aligned to local labor regulations.
- Experience leveraging generative AI, large language models, copilots, autonomous agents, or AI-assisted workflows to improve security operations, threat hunting, incident response, investigations, or operational efficiency.
- Experience building automations or AI-assisted workflows using scripting languages, orchestration platforms, low-code automation tools, or agent frameworks.
- Advanced knowledge of operating system internals and security mechanisms.
- Experience analyzing attacker techniques.
- Knowledge of kill-chain model, ATT&CK framework, and modern penetration testing techniques.
- Knowledge of operating system internals, OS security mitigations, and security challenges across Windows, Linux, Mac, Android, and iOS platforms.
- Experience with cloud environments and network signals.
- Excellent cross-group and interpersonal skills, with the ability to articulate business need for detection improvements.
- Knowledge of major cloud and productivity platforms as well as identity systems and related security concerns.
- Experience with curation of Threat Intelligence.
- Experience with direct customer communication in a service delivery role.
- Ability to use data to tell a story.
- Experience with reverse engineering, DFIR, incident response, or machine learning models.
- Experience with system administration in a large enterprise environment, including Windows and Linux servers and workstations, network administration, and cloud administration.
- Experience with offensive security including Metasploit, exploit development, OSINT, and designing ways to breach enterprise networks.
- Additional advanced technical degrees or cyber security certifications such as CISSP, OSCP, CEH, or GIAC.
Co budeš dělat
- Hunt directly in customer environments with proactive and reactive guidance.
- Explore and correlate large data sets to uncover novel attack techniques, monitor and catalog changes in activity group tradecraft, and investigate alerts for enterprise customers.
- Work directly with customers at all levels of their security organization from analyst to CISO to support investigation and response.
- Collaborate with data science and threat research teams to develop and maintain accurate and durable detections.
- Leverage AI-powered security tools, copilot, and agentic workflows to accelerate threat investigations, enrich customer findings, improve analytical efficiency, and drive better security outcomes.
- Design, build, test, and operationalize automations and AI agents that assist with threat hunting, case enrichment, security research, detection validation, and customer-ready investigative outputs.
- Partner with engineering, research, and operations teams to identify opportunities where AI agents and automation can improve the scale, consistency, and effectiveness of Defender Experts service delivery.
- Participate in a global security operations model, including potential weekend, holiday, or non-standard business-hour coverage where legally allowed and aligned to local requirements.
O pozici
Security represents one of the most critical priorities for customers in a world of digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place by reshaping security and empowering every user, customer, and developer with an end-to-end security cloud.
Defender Experts for XDR is looking to hire a Security Analyst in Prague, Czech Republic. This role uses Microsoft Defender telemetry, deep knowledge of the attacker landscape, customer-facing investigation expertise, and AI-enabled workflows to help enterprises detect, investigate, and respond to advanced attacks and data breaches. The team performs root-cause analysis, generates custom alerts, identifies human adversary behaviors, builds tools and automations, and drives innovations for detecting advanced attacker tradecraft.
This role participates in a global security operations model and may require weekend, holiday, or non-standard business-hour work where legally allowed and aligned to local labor regulations.
Benefity
- Security Research IC3 - The typical base pay range for this role across Czechia is Kč 966,000.00 - Kč 1,727,000.00 per year. Certain roles may be eligible for benefits and other compensation.
- Security Research IC4 - The typical base pay range for this role across Czechia is Kč 1,338,000.00 - Kč 2,448,000.00 per year. Certain roles may be eligible for benefits and other compensation.
- Find additional benefits and pay information here:
https://careers.microsoft.com/v2/global/en/corporate-pay/czech-republic-corporate-pay.html