Microsoft - Threat Hunter 2

Full Job Description

The Microsoft Threat Experts Team is looking for threat hunters! No matter how sophisticated attacker behaviors become, Microsoft 365 Defender will help enterprises detect, investigate, and respond to advanced attacks and data breaches on their networks. Our team uses deep knowledge of the attacker landscape and rich telemetry from our sensors to perform root-cause analysis and generate custom alerts, ensuring that Microsoft 365 Defender customers are well equipped to quickly respond to human adversaries identified in their unique environments.
Ensuring that no human adversary can operate silently begins with experts harnessing the powerful optics provided by Microsoft 365 Defender, across the attacker kill-chain, coupled with world-class detections. We are looking for a leader to help us harness the power of Microsoft’s trillions of security signals to quickly identify and report the latest human adversary behaviors, drive critical context-rich alerts, build new tools and automations in support of hunting objectives, and drive innovations for detecting advanced attacker tradecraft.


  • Explore and correlate large data sets to uncover novel attack techniques, monitor and catalog changes in activity group tradecraft, and generate custom alerts for enterprise customers.
  • Work with customer support teams to support investigation and response during an enterprise’s time of need.
  • Collaborate with our data science and threat research teams to develop and maintain accurate and durable cloud-based detections.
  • Build hunting tools and automations for use in the discovery of human adversaries.

QualificationsRequired Qualifications:

  • 5+ years of experience in a technical role in the areas of Security Operations, Threat Intelligence, Cyber Incident Response, or Penetration Testing/Red Team.
  • Advanced knowledge of operating system internals and security mechanisms.
  • Experience analyzing attacker techniques that leverage email and cloud-service tactics.
  • Skilled working with extremely large data sets, using tools and scripting languages such as: Excel, SQL, Python, Splunk, and PowerBI.

Preferred Qualifications:

  • Knowledge of operating system internals, OS security mitigations & understanding of Security challenges in Windows, Linux, Mac, Android & iOS platforms
  • Knowledge of kill-chain model, ATT&CK framework, and modern penetration testing techniques
  • Excellent cross-group and interpersonal skills, with the ability to articulate business need for detection improvements
  • Knowledge of major cloud and productivity platforms as well as identity systems and related security concerns
  • Experienced with curation of Threat Intelligence
  • Experienced with direct customer communication in a service delivery role
  • Ability to use data to 'tell a story'
  • Experience with reverse engineering, digital forensics (DFIR) or incident response, or machine learning models
  • Experience with system administration in a large enterprise environment including Windows and Linux servers and workstations, network administration, cloud administration
  • Experience with offensive security including tools such as Metasploit, exploit development, Open Source Intelligence Gathering (OSINT), and designing ways to breach enterprise networks
  • Additional advanced technical degrees or cyber security certifications such as CISSP, OSCP, CEH, or GIAC certifications
    Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to, the following specialized security screenings

Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

Apply: here