Security Researcher (Multiple Positions)

Microsoft · Big Tech · Costa Rica · Security Research

This role focuses on security investigations, analyzing security alerts and telemetry to validate detections and understand attacker intent. It involves correlating large datasets using KQL, investigating identity-centric threats, and delivering customer-facing investigation summaries. The role requires experience in security operations, cybersecurity investigations, incident response, or threat hunting.

What you'd actually do

  1. Analyze security alerts, anomalies, and behavioral patterns within Microsoft 365 Defender and related telemetry to validate detections and understand attacker intent.
  2. Apply attacker methodology frameworks (MITRE ATT&CK, Cyber Kill Chain) to contextualize threats, assess how far an intrusion has progressed, and determine potential impact.
  3. Investigate identity-centric threats, credential misuse, lateral movement, cloud-based attacks, and modern techniques commonly used in human-operated ransomware, Business Email Compromise (BEC), and stealthy persistence campaigns.
  4. Correlate large and complex datasets using Kusto Query Language (KQL) and investigative tooling to uncover relationships, patterns, and root cause.
  5. Differentiate benign, misconfigured, suspicious, and malicious activity with confidence, supported by defensible evidence.
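The kind of correlation items 3 through 5 describe, written out as an added KQL advanced-hunting example for Microsoft 365 Defender. This is not from the job posting or from Microsoft; it assumes the DeviceLogonEvents table with its documented columns, and the lookback window, the spray threshold and the LogonType values to include are assumptions that need tuning per tenant. It chains three questions an analyst would ask: which remote IPs failed against many accounts (spray-like behaviour), which accounts then logged on successfully from those IPs, and whether those accounts went on to log on to other hosts over the network.

```kql
// Assumed scope for the investigation; widen or narrow per case.
let lookback = 24h;
// Assumed threshold: distinct accounts that one IP failed against before we call it a spray.
let spray_threshold = 20;
// Step 1: remote IPs with failed logons across many distinct accounts.
let spraying_ips =
    DeviceLogonEvents
    | where Timestamp > ago(lookback)
    | where ActionType == "LogonFailed"
    | where LogonType in ("Network", "RemoteInteractive")
    | where isnotempty(RemoteIP)
    | summarize FailedAccounts = dcount(AccountName),
                FirstFail = min(Timestamp),
                LastFail = max(Timestamp) by RemoteIP
    | where FailedAccounts >= spray_threshold;
// Step 2: successful logons from those IPs after the spraying began = candidate compromised accounts.
let suspicious_success =
    DeviceLogonEvents
    | where Timestamp > ago(lookback)
    | where ActionType == "LogonSuccess"
    | join kind=inner spraying_ips on RemoteIP
    | where Timestamp > FirstFail
    | project SuccessTime = Timestamp, RemoteIP, AccountName, AccountDomain,
              LandingDevice = DeviceName, LogonType, FailedAccounts;
// Step 3: did the account then authenticate to other hosts over the network (lateral movement)?
suspicious_success
| join kind=leftouter (
    DeviceLogonEvents
    | where Timestamp > ago(lookback)
    | where ActionType == "LogonSuccess" and LogonType == "Network"
    | project LateralTime = Timestamp, AccountName, AccountDomain,
              TargetDevice = DeviceName, SourceDevice = RemoteDeviceName
  ) on AccountName, AccountDomain
// Keep accounts with no follow-on activity (still worth triage) and genuine moves to a different host.
| where isnull(LateralTime) or (LateralTime > SuccessTime and TargetDevice != LandingDevice)
| summarize LateralTargets = make_set_if(TargetDevice, isnotempty(TargetDevice), 50),
            LateralCount = dcountif(TargetDevice, isnotempty(TargetDevice))
          by SuccessTime, RemoteIP, AccountName, AccountDomain, LandingDevice, FailedAccounts
| order by LateralCount desc, SuccessTime asc
```

Two caveats before treating a hit as malicious, in the spirit of item 5: a vulnerability scanner or a misconfigured service account can produce the same spray-like failure pattern from an internal IP, so check RemoteIPType and the IP's owner before escalating; and DeviceLogonEvents is endpoint (Defender for Endpoint) telemetry, so a cloud-side spray against Entra ID sign-ins would need the same logic over the identity sign-in tables instead.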

Skills

Required

  • Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field OR equivalent experience
  • Proficiency in English
  • Ability to work a consistent schedule from 10:00 AM to 7:00 PM Costa Rica time, aligned to either a Sunday–Thursday or Tuesday–Saturday workweek
  • Availability to participate in an on-call rotation, including weekend coverage

Nice to have

  • Experience analyzing alerts and telemetry from EDR/XDR platforms, preferably Microsoft 365 Defender
  • Investigative mindset with effective critical thinking, pattern recognition, and analytical skills
  • Familiarity with the MITRE ATT&CK Framework and Cyber Kill Chain models
  • Knowledge of operating system internals and OS security mitigations, and an understanding of the security challenges on Windows, Linux, and macOS platforms
  • Experience performing investigations involving identity misuse, authentication anomalies, or suspicious access patterns
  • Effective cross-group and interpersonal skills
  • Experience with direct customer communication in a service delivery role
  • Hands-on expertise with Microsoft 365 Defender components
  • Prior experience as a Tier-2 or Tier-3 analyst
  • Experience investigating cloud environments (Azure, AWS, GCP) and associated network telemetry
  • Knowledge of major cloud and productivity platforms as well as identity systems
  • Familiarity with common identity-based attacks
  • Experience with offensive security including tools such as Metasploit, exploit development, Open-Source Intelligence Gathering (OSINT), and designing ways to breach enterprise networks

What the JD emphasized

  • at least 2 years of experience
  • at least 1 year of experience
  • 3+ years of hands-on experience