Principal Applied Threat Intelligence Analyst - Microsoft Security Threat Response

Microsoft · Big Tech · Redmond, WA +1 · Security Research

This role focuses on building and refining data pipelines and tooling to deliver cyber threat intelligence at machine speed. While it involves analyzing data and potentially using ML models, the core function is threat intelligence analysis and reporting, not the direct development or deployment of AI/ML models as a primary product or service.

What you'd actually do

  1. Author and publish high-impact threat intelligence reports (actor profiles, campaign analyses, trend reports, TTP deep-dives, vulnerability profiles) for both customer-facing and internal audiences.
  2. Translate complex technical findings into clear, prescriptive guidance for security operations teams, executives, and the broader defender community.
  3. Partner with product, research, marketing, and communications teams to land intelligence through Microsoft's customer-facing surfaces (Agentic Security, Defender XDR, Sentinel, blogs, briefings).
  4. Build and refine the pipelines, tooling, and workflows that allow Microsoft to stream insightful cyber threat intelligence to customers at machine speed.
  5. Represent Microsoft Threat Intelligence in customer briefings, industry conferences, and cross-industry working groups.

Skills

Required

  • Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field
  • 3+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection

Nice to have

  • 5+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
  • 10+ years of experience in cyber threat intelligence, threat hunting, incident response, and producing finished threat intelligence reporting for technical and/or executive audiences
  • Attribution experience: creating threat groups, assessing connections between established threat groups, and communicating attribution assessments to internal stakeholders and customers in a timely manner
  • Working experience with Microsoft Sentinel and Microsoft Defender XDR (or directly comparable SIEM/XDR platforms)
  • Understanding of adversary tradecraft, the cyber kill chain, frameworks such as MITRE ATT&CK, the Diamond Model, and structured analytic techniques
  • Written and verbal communication skills; portfolio of public or customer-facing intelligence writing
  • Experience with endpoint, cloud, network, and identity-based attacks and datasets
  • Comprehensive OS security/internals knowledge
  • Understanding of network protocols; analytical experience with network infrastructure data & telemetry
  • Reverse-engineering with static and behavioral binary analysis experience
  • Functional understanding of common threat analysis models such as the Diamond Model, Cyber Kill Chain, and MITRE ATT&CK
  • Programming or scripting background (Python, PowerShell, C#, C++, etc.)

What the JD emphasized

  • Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection.