Senior Threat Hunter

Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.

We are seeking for a passionate cybersecurity professionals to join our growing team of defenders. In this role, you will proactively detect, investigate, and respond to advanced threats across enterprise environments using cutting-edge security tools and threat intelligence. The ideal candidate combines strong security expertise with a proactive mindset and coding skills to drive deep threat analysis and automation.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Responsibilities

Responsibilities:

• Monitor, triage, and respond to security incidents using tools like Microsoft Defender for Endpoint (MDE), Defender for Identity (MDI), Defender for Office (MDO) and Microsoft Defender for Cloud Apps (MCAS)
• Perform proactive threat hunting and detection engineering using telemetry from endpoints, identities, cloud, and network.
• Develop hunting queries using Kusto Query Language (KQL) or similar to identify suspicious patterns and behaviors. • Investigate security incidents across hybrid environments and contribute to root cause analysis and containment strategies.
• Collaborate with internal teams (defender, threat intelligence, engineering) to enhance detection logic, develop automations, and improve incident response workflows.
• Contribute to incident documentation, detection playbooks, and operational runbooks.
• Stay current with evolving threat landscapes, cloud attack vectors, and advanced persistent threats (APT).

Qualifications

Basic Qualifications:

• 8+ years of experience in cybersecurity (SOC, IR, threat hunting, red team, or malware analysis).
• Hands-on experience with SIEM, EDR, and cloud-native security tools (M365 Defender, Sentinel, CrowdStrike, etc.).
• Experience with at least one cloud platform (Azure, AWS, GCP) and its associated security services and configurations.
• Proficiency in KQL, Python, or similar scripting languages for data analysis and automation.
• Strong knowledge of MITRE ATT&CK, Cyber Kill Chain, and adversary TTPs.
• Familiarity with operating system internals (Windows, Linux) and endpoint/network forensics. Preferred Qualifications: 
• Hands-on experience with Microsoft Defender XDR tools (MDE, MDI, MDO), Microsoft Sentinel, or other EDR/XDR platforms.
• Knowledge of cloud workload protection, SIEM, or threat intelligence platforms.
• Certifications like CISSP, OSCP, CEH, GCIH, AZ-500, SC-200 or similar/equivalent are a plus.

Other Requirements
Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check:
- This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Work Environment: • Role may involve 24x7 coverage, shift-based support, or on-call rotations based on business needs. • Hybrid work model requiring 3 days per week in office; flexibility may vary based on team or location-specific guidelines. • Open to candidates from diverse professional backgrounds with demonstrable cybersecurity knowledge and technical aptitude.

#MSFTSecurity #MSFTSecurity #DEX

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.