Senior Applied Threat Intelligence Analyst - Microsoft Security Threat Response

Microsoft · Big Tech · Redmond, WA +1 · Security Research

This role focuses on building and refining pipelines and tooling for cyber threat intelligence, transforming raw signal into actionable intelligence for customers. While it uses AI tools and deals with data, the core craft is not AI/ML model development but rather the engineering of intelligence delivery systems.

What you'd actually do

  1. Author and publish high-impact threat intelligence reports (actor profiles, campaign analyses, trend reports, TTP deep-dives, vulnerability profiles) for both customer-facing and internal audiences.
  2. Build and refine the pipelines, tooling, and workflows that allow Microsoft to stream insightful cyber threat intelligence to customers at machine speed.
  3. Represent Microsoft Threat Intelligence in customer briefings, industry conferences, and cross-industry working groups.
  4. Translate technical findings into clear, actionable insights for security operations teams and technical stakeholders.
  5. Partner with product, engineering, and research teams to operationalize intelligence into Microsoft security platforms (e.g., Defender XDR, Sentinel, customer briefings).

Skills

Required

  • Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field.

Nice to have

  • 5+ years of experience in cyber threat intelligence, threat hunting, incident response, or a closely related security discipline.
  • Demonstrated experience producing finished threat intelligence reporting for technical audiences.
  • Attribution experience: creating threat groups, assessing connections between established threat groups, and communicating attribution assessments to internal stakeholders and customers in a timely manner.
  • Working experience with Microsoft Sentinel and Microsoft Defender XDR (or directly comparable SIEM/XDR platforms).
  • Understanding of adversary tradecraft, the cyber kill chain, and frameworks such as MITRE ATT&CK, the Diamond Model, and structured analytic techniques.
  • Written and verbal communication skills, with a portfolio of public or customer-facing intelligence writing.
  • Experience analyzing endpoint, cloud, identity, and network telemetry.
  • Familiarity with scripting or data analysis tools (Python, KQL, SQL, PowerShell).
  • Understanding of OS internals, network protocols, and common attack techniques.
  • Exposure to reverse engineering or malware analysis.
  • Functional understanding of common threat analysis models such as the Diamond Model, Cyber Kill Chain, and MITRE ATT&CK.
  • Programming or scripting background (Python, PowerShell, C#, C++, etc.).

What the JD emphasized

  • Ability to meet Microsoft, customer and/or government security screening requirements is required for this role.