Threat Hunter Ii

**Threat Hunter II**:
Bangalore, Karnataka, India

Date posted

**Sep 09, 2025**
- Job number

**1873918**
- Work site

**Up to 50% work from home**
- Travel

**0-25**%**
- Role type

**Individual Contributor**
- Profession

**Security Engineering**
- Discipline

**Security Research**
- Employment type

**Full-Time**

**Overview**:

- Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

**Qualifications**:

- Graduate degree in engineering or equivalent discipline.
- 3-7 years of experience in cybersecurity (SOC, IR, Threat Hunting, Red Team).
- Hands-on experience with SIEM, EDR, and cloud-native security tools (Microsoft XDR, Sentinel, CrowdStrike, etc.).
- Experience with at least one cloud platform (Azure, AWS, GCP) and its associated security services and configurations.
- Proficiency in KQL, Python, or similar scripting languages for data analysis and automation.
- Strong knowledge of MITRE ATT&CK, Cyber Kill Chain, and adversary TTPs.
- Familiarity with operating system internals (Windows, Linux) and endpoint/network forensics.
- Certifications like CISSP, OSCP, CEH, GCIH, AZ-500, SC-200 or similar/equivalent are a plus.

**Responsibilities**:

- Monitor, triage, and respond to security incidents using alerts and incidents from Microsoft Defender products (MDE, MDI, MDO, MDA, MDC etc.)
- Perform proactive threat hunting using hypothesis, and telemetry from endpoints, identities, cloud and network.
- Develop hunting queries using Kusto Query Language (KQL) or similar to uncover suspicious patterns and behaviors.
- Investigate security incidents across hybrid environments and contribute to root cause analysis and containment strategies.
- Collaborate with internal teams (defender, threat intelligence, engineering) to enhance detection logic, develop automations, and improve incident response workflows.
- Contribute to incident documentation, detection playbooks, and operational runbooks.
- Stay current with evolving threat landscapes, cloud attack vectors, and advanced persistent threats (APT).
- Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.
- 

Industry leading healthcare
- 

Educational resources
- 

Discounts on products and services
- 

Savings and investments
- 

Maternity and paternity leave
- 

Generous time away
- 

Giving programs
- 

Opportunities to network and connect