Security Research II - MSTIC Threat Intelligence

Microsoft · Big Tech · IL · Security Research

This role involves tracking and analyzing sophisticated threat actors, including nation-state and advanced persistent threats, to produce actionable threat intelligence. The analyst will collaborate with security and product teams to improve Microsoft's security products, services, and defenses, and contribute to detection and disruption efforts.

What you'd actually do

  1. Track sophisticated adversaries, applying your technical knowledge of adversary capabilities, infrastructure, and techniques.
  2. Define, develop, and implement techniques to discover and track current adversaries and to identify the attacks of tomorrow.
  3. Produce actionable intelligence, proactively drive hunting and detection capabilities, and contribute to the disruption of adversary activity to protect Microsoft and its customers.
  4. Collaborate closely with MSTIC and partner with security, engineering, and product teams across Microsoft to protect Microsoft assets, products, and customer environments.
  5. Strengthen existing partnerships and build new ones with key organizations to enhance collective defense and improve product and service security.

Skills

Required

  • threat intelligence analysis
  • tracking sophisticated threat actors
  • nation-state threat actors
  • advanced persistent threats
  • technical expertise
  • analytic tradecraft
  • end-to-end investigations
  • detection
  • hunting
  • disruption efforts
  • collaboration
  • customer engagements
  • adversary ecosystems
  • campaigns
  • malware analysis
  • host forensic investigation
  • log analysis

Nice to have

  • AI and automation
  • Python
  • scalable analytical workflows
  • cloud intrusion analysis
  • supply chain attack patterns

What the JD emphasized

  • At least 3 years producing actionable threat intelligence on targeted and advanced persistent threats, with demonstrable impact on network and host defenses.
  • Proven expertise tracking and investigating APT adversaries across all stages of the attack chain.
  • Strong ability to analyze and hunt adversary behavior end-to-end, map attack chains, and communicate clear, evidence-based intelligence to technical and executive audiences.
  • Experience operationalizing threat intelligence and hunting methodologies at scale, leveraging AI and automation, Python, or scalable analytical workflows.
  • Analysis of sophisticated malware and targeted attacks against enterprise or government environments, including identification of large-scale and supply chain attack patterns.
  • Cloud intrusion analysis in adversary operations.
  • Host forensic investigation and log analysis of advanced targeted adversaries.
  • Proven track record of producing actionable threat intelligence on APTs based on telemetry analysis.