[Remote] Senior Security Analyst

Worldwide Salaried Open

Note: This is a remote role open to candidates in the USA. Microsoft is a leading technology company seeking a Senior Security Analyst to join its Cyber Defense Investigations – Escalations team. The role involves leading investigations into high-severity security incidents and collaborating across teams to improve Microsoft's security posture against complex cyber threats.

Responsibilities

  • Lead deep-dive investigations into the most complex and high-severity security incidents, including root cause analysis, blast radius assessment, threat actor attribution, and impact/scope determination
  • Proactively hunt across Microsoft's cloud and identity telemetry (e.g., MSTIC, Kusto/ADX, ArmProd, ESTS) to surface emerging threats and operationalize threat intelligence into queries, notebooks, and detection logic
  • Drive cross-team response for nation-state, supply chain (npm, GitHub, OpenVSX), and identity-based compromises - partnering with MSTIC, OpsHub, Detection Engineering, Evictions, and Service teams to contain and remediate at scale
  • Translate investigation findings into durable improvements - new detections, platform fixes, playbooks, and process changes - so the same class of attack does not succeed twice
  • Raise the bar on investigation quality, contributing to documented standards, peer reviews, and measurable rigor across incidents, hunts, and forensics
  • Leverage AI and Copilot technologies to accelerate triage, evidence collection, and analysis, helping the team stay ahead of attackers operating at machine speed
  • Mentor and uplevel peers in advanced investigation techniques, threat actor tradecraft, and reverse engineering, building a strong culture of investigative excellence

Skills

  • Doctorate in Statistics, Mathematics, Computer Science, or related field OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • OR equivalent experience
  • Candidates must be able to meet the Microsoft, customer and/or government security screening requirements that apply to this role. These requirements include, but are not limited to, the following specialized security screenings:
  • Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter
  • Bachelor's degree in Computer Science, Information Security, a related technical field, AND 4+ years of experience in cybersecurity, incident response, coordination and presentation with executive level professionals, threat hunting, or security investigations
  • OR equivalent experience (6+ years of hands-on security investigation/forensic experience in lieu of degree)
  • 3+ years of experience conducting security investigations in large-scale cloud or enterprise environments (Azure, AWS, GCP, or M365)
  • Demonstrated experience with log analysis and query languages (KQL/Kusto, SQL, or equivalent) across SIEM, identity, endpoint, or cloud telemetry
  • Working knowledge of modern attacker tradecraft, the MITRE ATT&CK framework, and common cloud/identity attack paths (e.g., token theft, OAuth abuse, supply chain compromise)
  • Experience investigating nation-state or financially motivated threat actors and producing attribution-quality analysis
  • Hands-on experience with supply chain compromise investigations (npm, GitHub Actions, OpenVSX, signing/artifact abuse) or identity-plane incidents (Entra ID/AAD, ESTS, federation)
  • Familiarity with Microsoft security data sources - MDC, Defender XDR, Sentinel, Azure Resource Graph
  • Experience building or consuming AI/Copilot-assisted investigation tooling, automation, or notebooks to scale analyst workflows
  • Strong written communication - able to produce executive-ready investigation reports, retrospectives, and cross-org technical briefs
  • Industry certifications such as GCFA, GCIH, GCFE, GREM, OSCP, CISSP, or equivalent
  • Prior experience working in a CIRT function

Benefits

  • Certain roles may be eligible for benefits and other compensation.

Company Overview

  • Microsoft is a software corporation that develops, manufactures, licenses, supports, and sells a range of software products and services. It was founded in 1975, and is headquartered in Redmond, Washington, USA, with a workforce of 10001+ employees. Its website is https://www.microsoft.com.
Company H1B Sponsorship

  • Microsoft has a track record of offering H1B sponsorships, with 1317 in 2026, 9192 in 2025, 9343 in 2024, 7677 in 2023, 11403 in 2022, 7210 in 2021, 7852 in 2020. Please note that this does not guarantee sponsorship for this specific role.