Microsoft's Cloud & AI organization is seeking to enhance its capabilities in securing digital technology platforms, devices, and clouds by leveraging advanced threat analysis techniques. The role aims to bridge traditional intelligence analysis with applied agentic AI to accelerate the discovery, contextualization, and attribution of advanced persistent threat (APT) activity, ultimately improving how intelligence teams understand and communicate adversary intent.
Requirements
- Hands-on experience with graph-based analytic environments (Synapse from The Vertex Project, Neo4j, or similar).
- Moderate coding skills (Python preferred) for automation, custom queries, or model interaction scripting.
- Working knowledge of agentic AI concepts (prompt chaining, orchestration frameworks, reasoning agents, or RAG-based pipelines).
- Knowledge of the LLM ecosystem — including model families from OpenAI, Anthropic, Meta, and others — with awareness of strengths, weaknesses, and bias/hallucination considerations.
- Experience integrating AI tools into threat analysis, hunting, or triage workflows.
- Familiarity with graph ontology design and CTI data schemas (STIX/TAXII, ATT&CK mappings, etc.).
- Understanding of cloud environments (Azure, AWS, GCP) and their relevance to threat actor operations.
Responsibilities
- Lead graph-based hunting and correlation across diverse datasets to surface relationships among indicators, infrastructure, malware, and threat actor activity.
- Design and implement AI-assisted analytic workflows, applying agentic models to explore, summarize, and reason about complex intelligence questions.
- Evaluate and compare LLMs (OpenAI GPT, Anthropic Claude, Meta Llama, and others) for accuracy, reliability, and relevance in analytical contexts.
- Partner with data engineers and AI researchers to prototype intelligent analyst agents capable of multi-hop reasoning and contextual evidence retrieval.
- Conduct expert-level analysis of nation-state and APT group activity, including tactics, techniques, infrastructure patterns, and geopolitical drivers.
- Translate graph-based findings into clear, actionable intelligence that supports both defensive operations and executive decision-making.
- Stay current on advances in graph theory, AI reasoning frameworks, and adversary tradecraft, integrating new approaches into team workflows.
Other
- The ability to meet Microsoft, customer, and/or government security screening requirements is required for this role.
- This position requires verification of U.S. citizenship due to citizenship-based legal restrictions.
- This role will require access to information that is controlled for export under U.S. export control regulations.
- Technical writing, synthesis, and briefing skills.
- Microsoft is an equal opportunity employer.