The Threat Researcher will analyze Microsoft cloud security threats, adversary techniques, and misconfigurations. Responsibilities include conducting research on APT threats, developing threat models, enhancing security posture, and collaborating with R&D and Engineering teams to improve security products for Microsoft cloud environments.
Abnormal AI is looking for a Threat Researcher with expertise in Microsoft cloud security, threat research, and SaaS Security Posture Management (SSPM). In this position, you will look into threats against Microsoft cloud services, learn about attacker techniques, and identify security vulnerabilities. You will also work to strengthen our security and find solutions to stop these threats. You will work closely with R&D and Engineering teams to enhance security product capabilities, refine detections, and develop configuration playbooks for Azure, Microsoft 365, Defender Suite, and Entra ID. This is a fully remote position also open to UK and EMEA locations.
Who you are
- Experienced in threat research, with a deep comprehension of Microsoft cloud ecosystems, SaaS security, and identity-based threats.
- Robust knowledge of Microsoft security tools, including Defender for Office 365, Defender for Identity, Defender for Cloud Apps, and Sentinel.
- Proficient in adversary TTP analysis, phishing attack research, misconfiguration risks, and security posture hardening.
- Data-driven researcher, with experience using SQL, PySpark, KQL, and other query-based tools to analyze large datasets.
- Skilled at bridging security research with engineering, ensuring insights lead to practical security improvements.
- Able to successfully work within agile, cross-functional teams to enhance security in Microsoft cloud environments.
- Proficient communicator, able to deliver detailed research findings to both technical and non-technical stakeholders.
What you will do
Threat Research & Adversary Tracking
- Conduct in-depth research on Microsoft cloud security threats, phishing techniques, and identity-based attack vectors.
- Track APT groups, financially motivated actors, and cloud-native threat campaigns targeting Azure and Microsoft 365 environments.
- Analyze MFA bypass techniques, token theft, session hijacking, and adversary tactics used against Microsoft authentication mechanisms.
- Reverse-engineer phishing kits, hostile systems, and cloud-based attack plans to enhance our security expertise.
- Develop threat models and in-depth attack reports to inform Microsoft-focused threat intelligence.
SSPM & Security Posture Research
- Research misconfigurations, security posture risks, and SaaS security gaps in Microsoft Entra ID, Azure AD, and M365 security settings.
- Develop SSPM research insights and contribute to configuration playbooks to improve Microsoft cloud security posture.
- Identify misconfiguration-driven threats and work with Engineering to enhance detection and mitigation strategies.
- Analyze security posture deviations that could expose Microsoft environments to account takeovers, phishing, and privilege escalation attacks.
Security Research & Cross-Functional Collaboration
- Provide deep-dive research into Microsoft cloud attack methodologies to help enhance security product capabilities.
- Work with R&D and Engineering teams to ensure research findings translate into practical security enhancements.
- Deliver technical briefings and intelligence reports on Microsoft threat trends, attacker tactics, and detection opportunities.
- Partner with internal stakeholders to evaluate emerging threats and recommend security improvements for Microsoft cloud environments.
Must Haves
- 5+ years in threat research, cyber threat intelligence, or adversary tracking.
- 3+ years focused on Microsoft cloud security (Azure, M365, Defender, Entra ID, or Sentinel).
- Expertise in Microsoft cloud security architecture, identity protection, SaaS security, and misconfiguration risks.
- Deep knowledge of MITRE ATT&CK, Microsoft attack techniques, and adversary tradecraft.
- Hands-on experience with Microsoft Defender for Office 365, Defender for Identity, and Microsoft Sentinel.
Nice to Have
- Experience working with or building SSPM solutions for Microsoft cloud security posture management.
- Security certifications (GCTI, GCFA, CISSP, or Microsoft security-related).
- Experience in researching cloud system security, conducting attack simulations, and identifying security problems caused by configuration errors.
- Background in SaaS security posture analysis and cloud security hardening.
Abnormal AI is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status or other characteristics protected by law. For our EEO policy statement please click here. If you would like more information on your EEO rights under the law, please click here.
Similar Jobs
Cybersecurity
As a Senior Threat Hunter, you'll proactively search for threats, conduct investigations, and communicate findings to enhance cybersecurity measures.
Top Skills:
Ida ProOllydbgPythonSQLWireshark
Security • Software
The Senior Behavioural Threat Researcher conducts in-depth malware behavioral analysis, develops protection rules, and supports sandbox enhancements while mentoring junior members.
Top Skills:
IdaproLuaPythonWindbg
Gaming • Information Technology • Mobile • Software
The Product Security Architect will integrate security into the software lifecycle, conduct assessments, lead architecture design, and mentor teams on secure practices.
Top Skills:
Application SecurityCi/Cd PipelinesCloud InfrastructureContainerized EnvironmentsSecurity Architecture
What you need to know about the Edinburgh Tech Scene
From traditional pubs and centuries-old universities to sleek shopping malls and glass-paneled office buildings, Edinburgh's architecture reflects its unique blend of history and modernity. But the fusion of past and future isn't just visible in its buildings; it's also shaping the city's economy. Named the United Kingdom's leading technology ecosystem outside of London, Edinburgh plays host to major global companies like Apple and Adobe, as well as a growing number of innovative startups in fields like cybersecurity, finance and healthcare.
