Microsoft is seeking a Senior Technical Threat Analyst to accelerate discovery, contextualization, and attribution of advanced persistent threat (APT) activity, leveraging cutting-edge models to bridge traditional intelligence analysis and applied agentic AI.
Requirements
- Hands-on experience with graph-based analytic environments (Synapse Vertex, Neo4j, or similar).
- Moderate coding skills (Python preferred) for automation, custom queries, or model interaction scripting.
- Working knowledge of agentic AI concepts (prompt chaining, orchestration frameworks, reasoning agents, or RAG-based pipelines).
- Knowledge of the LLM ecosystem — including model families from OpenAI, Anthropic, Meta, and others — with awareness of strengths, weaknesses, and bias/hallucination considerations.
- Experience integrating AI tools into threat analysis, hunting, or triage workflows.
- Familiarity with graph ontology design and CTI data schemas (STIX/TAXII, ATT&CK mappings, etc.).
- Understanding of cloud environments (Azure, AWS, GCP) and their relevance to threat actor operations.
Responsibilities
- Lead graph-based hunting and correlation across diverse datasets to surface relationships among indicators, infrastructure, malware, and threat actor activity.
- Design and implement AI-assisted analytic workflows, applying agentic models to explore, summarize, and reason about complex intelligence questions.
- Evaluate and compare LLM models (OpenAI GPT, Anthropic Claude, Meta Llama, and others) for accuracy, reliability, and relevance in analytical contexts.
- Partner with data engineers and AI researchers to prototype intelligent analyst agents capable of multi-hop reasoning and contextual evidence retrieval.
- Conduct expert-level analysis of nation-state and APT group activity, including tactics, techniques, infrastructure patterns, and geopolitical drivers.
- Translate graph-based findings into clear, actionable intelligence that supports both defensive operations and executive decision-making.
- Collaborate across product, research, and operations teams to enhance detection, hunting, and attribution methodologies.
Other
- Master's Degree in Statistics, Mathematics, Computer Science or related field.
- 5+ years of experience in cyber threat intelligence, threat hunting, or adjacent disciplines with emphasis on nation-state actor tracking.
- Ability to meet Microsoft, customer and/or government security screening requirements.
- Citizenship verification via a valid passport.
- Travel up to 25%.
