At a Glance
- Tasks: Conduct research on Microsoft cloud security threats and enhance security product capabilities.
- Company: Join Abnormal AI, a fast-growing cybersecurity company dedicated to protecting the modern workplace.
- Benefits: Enjoy competitive pay, flexible PTO, and comprehensive healthcare coverage for you and your family.
- Why this job: Be part of a mission-driven team using cutting-edge technology to combat sophisticated cyber threats.
- Qualifications: 5+ years in threat research with expertise in Microsoft cloud security and related tools.
- Other info: This is a fully remote position open to UK and EMEA locations.
The predicted salary is between £43,200 and £72,000 per year.
Abnormal AI is looking for a Threat Researcher with expertise in Microsoft cloud security, threat research, and SaaS Security Posture Management (SSPM). In this role you will investigate threats against Microsoft cloud services, study attacker techniques, and identify security weaknesses, then work to strengthen defences and build solutions that stop these threats. You will work closely with R&D and Engineering teams to enhance security product capabilities, refine detections, and develop configuration playbooks for Azure, Microsoft 365, the Defender suite, and Entra ID. This is a fully remote position open to UK and EMEA locations.
Who you are
- Experienced in threat research, with a deep understanding of Microsoft cloud ecosystems, SaaS security, and identity-based threats.
- Strong knowledge of Microsoft security tools, including Defender for Office 365, Defender for Identity, Defender for Cloud Apps, and Sentinel.
- Proficient in adversary TTP analysis, phishing attack research, misconfiguration risks, and security posture hardening.
- Data-driven researcher, with experience using SQL, PySpark, KQL, and other query-based tools to analyze large datasets.
- Skilled at bridging security research with engineering, ensuring insights lead to practical security improvements.
- Able to successfully work within agile, cross-functional teams to enhance security in Microsoft cloud environments.
- Proficient communicator, able to deliver detailed research findings to both technical and non-technical stakeholders.
What you will do
Threat Research & Adversary Tracking
- Conduct in-depth research on Microsoft cloud security threats, phishing techniques, and identity-based attack vectors.
- Track APT groups, financially motivated actors, and cloud-native threat campaigns targeting Azure and Microsoft 365 environments.
- Analyze MFA bypass techniques, token theft, session hijacking, and adversary tactics used against Microsoft authentication mechanisms.
- Reverse-engineer phishing kits, malicious infrastructure, and cloud-based attack chains to deepen our security expertise.
- Develop threat models and in-depth attack reports to inform Microsoft-focused threat intelligence.
SSPM & Security Posture Research
- Research misconfigurations, security posture risks, and SaaS security gaps in Microsoft Entra ID, Azure AD, and M365 security settings.
- Develop SSPM research insights and contribute to configuration playbooks to improve Microsoft cloud security posture.
- Identify misconfiguration-driven threats and work with Engineering to enhance detection and mitigation strategies.
- Analyze security posture deviations that could expose Microsoft environments to account takeovers, phishing, and privilege escalation attacks.
Security Research & Cross-Functional Collaboration
- Provide deep-dive research into Microsoft cloud attack methodologies to help enhance security product capabilities.
- Work with R&D and Engineering teams to ensure research findings translate into practical security enhancements.
- Deliver technical briefings and intelligence reports on Microsoft threat trends, attacker tactics, and detection opportunities.
- Partner with internal stakeholders to evaluate emerging threats and recommend security improvements for Microsoft cloud environments.
Must Haves
- 5+ years in threat research, cyber threat intelligence, or adversary tracking.
- 3+ years focused on Microsoft cloud security (Azure, M365, Defender, Entra ID, or Sentinel).
- Expertise in Microsoft cloud security architecture, identity protection, SaaS security, and misconfiguration risks.
- Deep knowledge of MITRE ATT&CK, Microsoft attack techniques, and adversary tradecraft.
- Hands-on experience with Microsoft Defender for Office 365, Defender for Identity, and Microsoft Sentinel.
Nice to Have
- Experience working with or building SSPM solutions for Microsoft cloud security posture management.
- Security certifications (GCTI, GCFA, CISSP, or Microsoft security-related).
- Experience in researching cloud system security, conducting attack simulations, and identifying security problems caused by configuration errors.
- Background in SaaS security posture analysis and cloud security hardening.
Threat Researcher employer: Abnormal Security Corporation
Contact details:
Abnormal Security Corporation Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land the Threat Researcher role
✨Tip Number 1
Familiarise yourself with the latest trends in Microsoft cloud security and threat research. Follow industry blogs, attend webinars, and engage with communities on platforms like LinkedIn to stay updated on emerging threats and best practices.
✨Tip Number 2
Network with professionals already working in threat research or cybersecurity roles, especially those focused on Microsoft technologies. Reach out for informational interviews to gain insights into their experiences and advice on how to excel in this field.
✨Tip Number 3
Showcase your hands-on experience with Microsoft security tools by participating in relevant projects or contributing to open-source initiatives. This practical experience can set you apart and demonstrate your commitment to the field.
✨Tip Number 4
Prepare for potential technical interviews by brushing up on your knowledge of adversary tactics, techniques, and procedures (TTPs). Be ready to discuss specific examples of your research and how it has led to actionable security improvements.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights your experience in threat research, particularly with Microsoft cloud security. Emphasise your knowledge of tools like Defender for Office 365 and Azure AD, as well as any relevant projects you've worked on.
Craft a Strong Cover Letter: In your cover letter, explain why you're passionate about cybersecurity and how your skills align with the role. Mention specific experiences that demonstrate your ability to conduct threat research and collaborate with engineering teams.
Showcase Technical Skills: Include a section in your application that lists your technical skills, especially those related to SQL, PySpark, KQL, and any other query-based tools. This will help the hiring team see your data-driven approach to research.
Highlight Collaboration Experience: Since the role involves working closely with R&D and Engineering teams, be sure to mention any past experiences where you successfully collaborated with cross-functional teams to enhance security measures.
How to prepare for a job interview at Abnormal Security Corporation
✨Showcase Your Expertise in Microsoft Cloud Security
Make sure to highlight your experience with Microsoft cloud services during the interview. Be prepared to discuss specific tools like Defender for Office 365 and Azure AD, and how you've used them to identify and mitigate threats.
✨Demonstrate Your Research Skills
Prepare to share examples of your threat research projects. Discuss methodologies you've employed, such as analysing adversary TTPs or reverse-engineering phishing kits, to showcase your analytical skills and data-driven approach.
✨Communicate Effectively with Technical and Non-Technical Stakeholders
Since you'll be working with cross-functional teams, practice explaining complex security concepts in simple terms. This will demonstrate your ability to bridge the gap between technical findings and practical applications.
✨Be Ready for Scenario-Based Questions
Expect questions that assess your problem-solving abilities in real-world scenarios. Prepare to discuss how you would handle specific threats or misconfigurations in Microsoft environments, showcasing your critical thinking and proactive mindset.