Threat Hunter II

Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft's mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers' heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.

We are seeking for a passionate cybersecurity professionals to join our growing team of Defenders. In this role, you will proactively detect, investigate, and respond to advanced threats across enterprise environments using cutting-edge and AI enabled security tools and threat intelligence. The ideal candidate combines strong security expertise with a curious mindset and skills to conduct deep threat analysis.

Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

• Monitor, triage, and respond to security incidents using alerts and incidents from Microsoft Defender products (MDE, MDI, MDO, MDA, MDC etc.)
• Perform proactive threat hunting using hypothesis, and telemetry from endpoints, identities, cloud and network.
• Develop hunting queries using Kusto Query Language (KQL) or similar to uncover suspicious patterns and behaviors.
• Investigate security incidents across hybrid environments and contribute to root cause analysis and containment strategies.
• Collaborate with internal teams (defender, threat intelligence, engineering) to enhance detection logic, develop automations, and improve incident response workflows.
• Contribute to incident documentation, detection playbooks, and operational runbooks.
• Stay current with evolving threat landscapes, cloud attack vectors, and advanced persistent threats (APT).

• Graduate degree in engineering or equivalent discipline.
• 3–7 years of experience in cybersecurity (SOC, IR, Threat Hunting, Red Team).
• Hands-on experience with SIEM, EDR, and cloud-native security tools (Microsoft XDR, Sentinel, CrowdStrike, etc.).
• Experience with at least one cloud platform (Azure, AWS, GCP) and its associated security services and configurations.
• Proficiency in KQL, Python, or similar scripting languages for data analysis and automation.
• Strong knowledge of MITRE ATT&CK, Cyber Kill Chain, and adversary TTPs.
• Familiarity with operating system internals (Windows, Linux) and endpoint/network forensics.
• Certifications like CISSP, OSCP, CEH, GCIH, AZ-500, SC-200 or similar/equivalent are a plus.

Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.