Security Research II - MSTIC Threat Intelligence

Overview

The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world.

he Microsoft Threat Intelligence Center (MSTIC) is recruiting experienced nation-state threat hunters – with highly honed threat intelligence analysis skills. MSTIC provides unique insight on threats to protect Microsoft and our customers and is responsible for delivering timely threat intelligence across our product and services teams.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As a Threat Intelligence Analyst in MSTIC, you will track and analyze sophisticated threat actors (including nation-state and advanced persistent threats) and translate intelligence into actionable outcomes that improve Microsoft security products, services, and defenses. You will combine deep technical expertise with analytic tradecraft to drive end-to-end investigations, detect adversary activity, and support detection, hunting, and disruption efforts across Microsoft’s ecosystem. The role includes close collaboration with internal teams and external partners, contributing to real-time response, customer engagements, and broader understanding of adversary ecosystems and campaigns.Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

Responsibilities

As a threat intelligence analyst, you will be responsible for tracking sophisticated adversaries and use your technical knowledge of adversary capabilities, infrastructure, and techniques.

You will define, develop, and implement techniques to discover and track current adversaries and identify the attacks of tomorrow.

You will produce actionable intelligence, proactively drive hunting and detection capabilities, and contribute to the disruption of adversary activity to protect Microsoft and its customers.

In this role, you will collaborate closely with MSTIC and partner with security, engineering, and product teams across Microsoft to protect Microsoft assets, products, and customer environments.

You will strengthen existing partnerships and build new ones with key organizations to enhance collective defense and improve product and service security

Qualifications

• You have at least 3+ years producing actionable threat intelligence on targeted and advanced persistent threats, with demonstrable impact on network and host defenses .
• You have proven expertise tracking and investigating APT adversaries, across all stages of the attach chain.
• Strong ability to analyze and hunt adversary behavior end-to-end, map attack chains, and communicate clear, evidence-based intelligence to technical and executive audiences.
• Ability to quickly adapt to a rapidly evolving telemetry landscape.
• Preferred Qualification
• Experience operationalizing threat intelligence and hunting methodologies at scale, leveraging AI and automation, Python, or scalable analytical workflows
• Analysis of sophisticated malware and targeted attacks against enterprise or government environments, including identification of large-scale and supply chain attack patterns
• Cloud intrusion analysis in adversary operations
• Host forensic investigation and log analysis of advanced targeted adversaries
• Proven track record in producing actionable Threat Intelligence on APTs based on telemetry analysis.
  
  

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.