Massachusetts Veterans Jobs

MassHire JobQuest Logo

Job Information

Microsoft Corporation Threat Intelligence Analyst (Remote) in Cambridge, Massachusetts

The Microsoft 365 Defender research team is looking for a passionate threat analyst who is interested in working on an emerging product in a fast-paced startup style environment to deliver security research in the form of an intelligence service that ships continuously. Your work will not only protect customers through delivery of the Microsoft Threat Experts managed service, but also via products included in the Microsoft Defender suite.

We are an industry leading threat research lab that does in-depth research with threats and exploits to help keep our customers safe. Microsoft 365 Defender (M365D) is the security service that enables Microsoft’s enterprise customers to detect, investigate, and respond to advanced threats on their networks via a combination of endpoint behavioral sensors, cloud security analytics, and threat intelligence.


In this role, you will work with partners across Microsoft to innovate and articulate new approaches for detecting and tracking threats, adversaries, techniques, tools, and infrastructure in a rapidly evolving and cloud focused threat landscape.

You will use threat research and data science methodologies to not only enhance our optics and capability but also producing intelligence reports and analysis for cyber security stakeholders across Microsoft, our external partners, and our customers, while hunting for real cyber threats.

Your core mission will be to demystify the threat landscape and make it easily discoverable for customers and Microsoft to understand the full operational picture of attacks and the cyber criminals behind them. Microsoft Threat Experts follows an Actionable Threat Intelligence approach focusing on deep research to help customers know what really matters to them in the endless stream of security news and chatter.

By combining our unparalleled data visibility and collaborating with other product and security teams at Microsoft, you'll be using a customer driver focus to cut through the noise to reveal the signal and making it easy to understand the actual risk from a threat.


Required Qualifications

-2+ years of professional experience in producing threat intelligence, tracking cyber threats and/or incident response, with a focus on leveraging intelligence on attacker methodology, tools, and infrastructure.

Preferred Skillsets and Experience:

-Excellent communication skills with an eye for detail and the ability to articulate business needs in cross-group and partner scenarios.

-Ability to articulate technical security concepts and attacks to non-technical audience

-Ability to deal with ambiguity and an ever-changing threat landscape with dynamic priority shifts.

-Experience tracking adversaries and investigations that span on-premise and cloud-based compromises, including investigations into cloud-based email and infrastructure.

-Experience in security research, incident response and attacker tradecraft.

-Experience working with extremely large data sets, using tools and scripting languages like Excel, SQL, Python, Splunk, and Power BI.

-Demonstrated capability to analyze and coherently present complex threat intelligence information in a meaningful way.

-Experience working with detection methodologies across multiple platforms.

-Ability to utilize attacker uptake and impact to prioritize security detection and remediation tasks.

-Comprehensive OS security/internals knowledge.

-Understanding of network protocols and analytical experience with network infrastructure data & telemetry.

-Reverse-engineering with static and behavioral binary analysis experience.

-Functional understanding of common threat analysis models such as the Diamond Model, Cyber Kill Chain, and MITRE ATT&CK.

-Programming or scripting background (Python, PowerShell, C#, C++, etc.) is a plus.

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form ( .

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.