Senior Security Analyst

Microsoft · Big Tech · United States · Security Operations Engineering

This role involves leading deep-dive investigations into complex, high-severity security incidents, including root cause analysis, threat actor attribution, and impact assessment. The analyst will proactively hunt for threats across cloud and identity telemetry, operationalize threat intelligence, and drive cross-team response efforts. A key aspect is translating findings into durable security improvements and leveraging AI/Copilot technologies to enhance investigation speed and effectiveness. The role also involves mentoring peers and contributing to documented investigation standards.

What you'd actually do

  1. Lead deep-dive investigations into the most complex and high-severity security incidents, including root cause analysis, blast radius assessment, threat actor attribution, and impact/scope determination.
  2. Proactively hunt across Microsoft's cloud and identity telemetry (e.g., MSTIC, Kusto/ADX, ArmProd, ESTS) to surface emerging threats and operationalize threat intelligence into queries, notebooks, and detection logic.
  3. Drive cross-team response for nation-state, supply chain (npm, GitHub, OpenVSX), and identity-based compromises - partnering with MSTIC, OpsHub, Detection Engineering, Evictions, and Service teams to contain and remediate at scale.
  4. Translate investigation findings into durable improvements - new detections, platform fixes, playbooks, and process changes - so the same class of attack does not succeed twice.
  5. Raise the bar on investigation quality, contributing to documented standards, peer reviews, and measurable rigor across incidents, hunts, and forensics.

Skills

Required

  • Doctorate in Statistics, Mathematics, Computer Science, or related field OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • OR equivalent experience.
  • Ability to meet security screening requirements for the role, including the Microsoft Cloud Background Check

Nice to have

  • Bachelor's degree in Computer Science, Information Security, or a related technical field AND 4+ years of experience in cybersecurity, incident response, coordination and presentation with executive-level professionals, threat hunting, or security investigations
  • OR equivalent experience (6+ years of hands-on security investigation/forensic experience in lieu of a degree)
  • 3+ years of experience conducting security investigations in large-scale cloud or enterprise environments (Azure, AWS, GCP, or M365).
  • Demonstrated experience with log analysis and query languages (KQL/Kusto, SQL, or equivalent) across SIEM, identity, endpoint, or cloud telemetry.
  • Working knowledge of modern attacker tradecraft, the MITRE ATT&CK framework, and common cloud/identity attack paths (e.g., token theft, OAuth abuse, supply chain compromise).
  • Experience investigating nation-state or financially motivated threat actors and producing attribution-quality analysis.
  • Hands-on experience with supply chain compromise investigations (npm, GitHub Acti
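The posting asks for operationalizing threat intelligence into queries and detection logic, and for working knowledge of identity attack paths such as token theft and OAuth abuse. The following Python is an added example of what that looks like in practice; it is not Microsoft's code and not part of the posting. The event schema, the indicator values, the scope list and the 30-minute replay window are all assumptions, and every event below is constructed for the example rather than taken from real telemetry.

```python
"""Added example (not Microsoft code): threat-intel indicators and two
identity attack paths turned into detection logic over constructed events.
Schema, indicator values and the replay window are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed indicators standing in for a threat-intel feed (hypothetical values).
TI_IPS = {"203.0.113.42"}                                 # documentation-range address
TI_APP_IDS = {"11111111-2222-3333-4444-555555555555"}     # hypothetical malicious app id
HIGH_PRIV_SCOPES = {"Mail.ReadWrite", "Directory.ReadWrite.All", "Files.ReadWrite.All"}

# Constructed sign-in events; field names are an assumed SIEM-style schema.
SIGNINS = [
    {"ts": "2024-05-01T10:00:00", "user": "alice", "ip": "198.51.100.7", "country": "US", "session_id": "S1"},
    {"ts": "2024-05-01T10:12:00", "user": "alice", "ip": "203.0.113.42", "country": "ZZ", "session_id": "S1"},
    {"ts": "2024-05-01T10:05:00", "user": "bob",   "ip": "192.0.2.10",   "country": "US", "session_id": "S2"},
    {"ts": "2024-05-01T18:00:00", "user": "bob",   "ip": "192.0.2.10",   "country": "US", "session_id": "S2"},
    {"ts": "2024-05-01T09:00:00", "user": "carol", "ip": "192.0.2.33",   "country": "US", "session_id": "S3"},
    {"ts": "2024-05-01T14:00:00", "user": "carol", "ip": "198.51.100.9", "country": "GB", "session_id": "S3"},
]

# Constructed OAuth consent-grant events (assumed schema).
CONSENTS = [
    {"ts": "2024-05-01T10:20:00", "user": "alice", "app_id": "aaaaaaaa-0000-0000-0000-000000000001",
     "app_name": "Mail Sync Helper", "verified_publisher": False, "scopes": "Mail.ReadWrite offline_access"},
    {"ts": "2024-05-01T11:00:00", "user": "bob", "app_id": "bbbbbbbb-0000-0000-0000-000000000002",
     "app_name": "Corp Expense", "verified_publisher": True, "scopes": "User.Read"},
    {"ts": "2024-05-01T12:00:00", "user": "dave", "app_id": "11111111-2222-3333-4444-555555555555",
     "app_name": "Doc Viewer", "verified_publisher": True, "scopes": "User.Read"},
]


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def hunt_ti_ip_hits(signins):
    """Plain indicator match: sign-ins from an IP on the intel feed."""
    return [(e["user"], e["ip"], e["ts"]) for e in signins if e["ip"] in TI_IPS]


def hunt_token_replay(signins, window_minutes=30):
    """Token-theft pattern: one session token used from two different IPs
    within the window. Uses far apart in time (carol, 5h) are not flagged
    here; they belong to a separate roaming/impossible-travel check."""
    window = timedelta(minutes=window_minutes)
    by_session = defaultdict(list)
    for e in signins:
        by_session[e["session_id"]].append(e)
    hits = []
    for sid, events in by_session.items():
        events.sort(key=_ts)
        for a, b in zip(events, events[1:]):
            if a["ip"] != b["ip"] and _ts(b) - _ts(a) <= window:
                hits.append({"session_id": sid, "user": b["user"],
                             "first_ip": a["ip"], "second_ip": b["ip"],
                             "countries": (a["country"], b["country"])})
    return hits


def hunt_consent_abuse(consents):
    """OAuth abuse: a grant to a known-bad app id, or to an unverified
    publisher requesting high-privilege scopes."""
    hits = []
    for c in consents:
        scopes = set(c["scopes"].split())
        reasons = []
        if c["app_id"] in TI_APP_IDS:
            reasons.append("app id on intel feed")
        risky = scopes & HIGH_PRIV_SCOPES
        if not c["verified_publisher"] and risky:
            reasons.append("unverified publisher with " + ", ".join(sorted(risky)))
        if reasons:
            hits.append({"user": c["user"], "app_name": c["app_name"], "reasons": reasons})
    return hits


def run_hunts(signins=SIGNINS, consents=CONSENTS):
    """Run all three hunts and return their hits keyed by hunt name."""
    return {"ti_ip": hunt_ti_ip_hits(signins),
            "token_replay": hunt_token_replay(signins),
            "consent_abuse": hunt_consent_abuse(consents)}


if __name__ == "__main__":
    for name, hits in run_hunts().items():
        print(f"{name}: {len(hits)} hit(s)")
        for h in hits:
            print("  ", h)
```

Each function is the kind of logic that would normally live in a KQL query or notebook cell; keeping the indicator sets and the window as named parameters is what lets an intel update or a tuning change land without rewriting the hunt. On the constructed data the feed match and the replay check both surface alice's session, which is the usual shape of a token-theft case: the stolen session is used from attacker infrastructure that intel already knows about.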

What the JD emphasized

  • complex, high-severity security incidents
  • deep investigations
  • root cause analysis
  • blast radius assessment
  • threat actor attribution
  • impact/scope determination
  • threat hunting
  • emerging threats
  • operationalize threat intelligence
  • nation-state, supply chain (npm, GitHub, OpenVSX), and identity-based compromises
  • nation-state or financially motivated threat actors
  • attribution-quality analysis
  • cross-organizational collaboration
  • contain and remediate at scale
  • durable improvements: new detections, platform-level fixes, playbooks, process changes
  • investigation quality: documented standards, peer reviews, measurable rigor across incidents, hunts, and forensics
  • AI and Copilot technologies to accelerate triage, evidence collection, and analysis
  • stay ahead of attackers operating at machine speed
  • mentor and uplevel peers: advanced investigation techniques, threat actor tradecraft, reverse engineering
  • culture of investigative excellence
  • Doctorate, Master's Degree (AND 3+ years experience), or Bachelor's Degree (AND 4+ years experience) in Statistics, Mathematics, Computer Science, or related field, or equivalent experience
  • Microsoft Cloud Background Check and security screening requirements