Senior Technical Threat Analyst - Graph & AI-Driven Threat Intelligence
Microsoft
Senior Technical Threat Analyst – Graph & AI-Driven Threat Intelligence
Multiple Locations, United States
Save
Overview
The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world.
We are seeking a Senior Technical Threat Analyst with expertise in nation-state cyber threat analysis, hands-on experience using graph-based hunting environments (e.g., Vertex Synapse, neo4j, or similar) and expertise in using these concepts in conjunction with Agentic AI. This role bridges traditional intelligence analysis and applied agentic AI, leveraging cutting-edge models to accelerate discovery, contextualization, and attribution of advanced persistent threat (APT) activity. The ideal candidate is equally comfortable navigating graph relationships in large-scale data systems and experimenting with AI frameworks to generate, validate, and refine hypotheses about adversary behavior. You’ll blend human analytic tradecraft with graph solutions and emerging AI capabilities to uncover new patterns, accelerate investigations, and enhance how intelligence teams understand and communicate adversary intent.
Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.
Qualifications
Minimum Qualifications:
- Master's Degree in Statistics, Mathematics, Computer Science or related field.
- OR 5+ years experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection.
- 5+ years of experience in cyber threat intelligence, threat hunting, or adjacent disciplines with emphasis on nation-state actor tracking.
- Demonstrated ability to perform structured analysis and attribution of APT activity with analytic rigor and sourcing discipline.
- Hands-on experience with graph-based analytic environments (Synapse Vertex, Neo4j, or similar).
- Moderate coding skills (Python preferred) for automation, custom queries, or model interaction scripting.
- Working knowledge of agentic AI concepts (prompt chaining, orchestration frameworks, reasoning agents, or RAG-based pipelines).
- Knowledge of the LLM ecosystem — including model families from OpenAI, Anthropic, Meta, and others — with awareness of strengths, weaknesses, and bias/hallucination considerations.
Other Requirements:
Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings:
Microsoft Cloud Background Check:
- Microsoft Cloud Background Check: This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter.
- Citizenship & Citizenship Verification: This position requires verification of U.S citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local United States government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, citizenship will be verified via a valid passport.
- Citizenship & Citizenship Verification: This role will require access to information that is controlled for export under U.S. export control regulations, potentially under the International Traffic in Arms Regulations or the Export Administration Regulations. As a condition of employment, the successful candidate will be required to provide proof of citizenship, for assessment of eligibility to access the export-controlled information. To meet this legal requirement, citizenship will be verified via a valid passport.
Preferred Qualifications:
- Doctorate in Statistics, Mathematics, Computer Science or related field.
- OR 6+ years experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection.
- Experience integrating AI tools into threat analysis, hunting, or triage workflows.
- Familiarity with graph ontology design and CTI data schemas (STIX/TAXII, ATT&CK mappings, etc.).
- Understanding of cloud environments (Azure, AWS, GCP) and their relevance to threat actor operations.
- Background in developing or refining AI safety, validation, or evaluation frameworks for analytic use.
- Technical writing, synthesis, and briefing skills.
Security Research IC4 - The typical base pay range for this role across the U.S. is USD $119,800 - $234,700 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $158,400 - $258,000 per year.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay
Microsoft will accept applications for the role until October 29, 2025.
#MSTIC #MSFTSecurity
Responsibilities
- Lead graph-based hunting and correlation across diverse datasets to surface relationships among indicators, infrastructure, malware, and threat actor activity.
- Design and implement AI-assisted analytic workflows, applying agentic models to explore, summarize, and reason about complex intelligence questions.
- Evaluate and compare LLM models (OpenAI GPT, Anthropic Claude, Meta Llama, and others) for accuracy, reliability, and relevance in analytical contexts.
- Partner with data engineers and AI researchers to prototype intelligent analyst agents capable of multi-hop reasoning and contextual evidence retrieval.
- Conduct expert-level analysis of nation-state and APT group activity, including tactics, techniques, infrastructure patterns, and geopolitical drivers.
- Translate graph-based findings into clear, actionable intelligence that supports both defensive operations and executive decision-making.
- Collaborate across product, research, and operations teams to enhance detection, hunting, and attribution methodologies.
- Stay current on advances in graph theory, AI reasoning frameworks, and adversary tradecraft, integrating new approaches into team workflows.