Threat Researcher

Abnormal Security

πŸ“Remote - Europe

Summary

Join Abnormal Security as a Threat Researcher specializing in Microsoft cloud security. You will conduct in-depth research on Microsoft cloud threats, adversary techniques, and misconfigurations, contributing to security posture improvements and mitigation strategies. Collaboration with R&D and Engineering teams is crucial to enhance security product capabilities and refine detections. Your expertise in Microsoft security tools and data analysis will be vital. You will track APT groups and analyze attack vectors, developing threat models and reports. The role requires strong communication skills to deliver findings to both technical and non-technical stakeholders. This position offers the opportunity to significantly impact Microsoft cloud security.

Requirements

  • 5+ years in threat research, cyber threat intelligence, or adversary tracking
  • 3+ years focused on Microsoft cloud security (Azure, M365, Defender, Entra ID, or Sentinel)
  • Expertise in Microsoft cloud security architecture, identity protection, SaaS security, and misconfiguration risks
  • Strong data analysis skills with experience using SQL, PySpark, KQL, or similar tools to analyze cloud-based threats
  • Deep knowledge of MITRE ATT&CK, Microsoft attack techniques, and adversary tradecraft
  • Hands-on experience with Microsoft Defender for Office 365, Defender for Identity, and Microsoft Sentinel

Responsibilities

  • Conduct in-depth research on Microsoft cloud security threats, phishing techniques, and identity-based attack vectors
  • Track APT groups, financially motivated actors, and cloud-native threat campaigns targeting Azure and Microsoft 365 environments
  • Analyze MFA bypass techniques, token theft, session hijacking, and adversary tactics used against Microsoft authentication mechanisms
  • Reverse-engineer phishing kits, adversary infrastructure, and cloud-native attack methodologies to enhance security insights
  • Develop threat models and in-depth attack reports to inform Microsoft-focused threat intelligence
  • Research misconfigurations, security posture risks, and SaaS security gaps in Microsoft Entra ID, Azure AD, and M365 security settings
  • Develop SSPM research insights and contribute to configuration playbooks to improve Microsoft cloud security posture
  • Identify misconfiguration-driven threats and work with Engineering to enhance detection and mitigation strategies
  • Analyze security posture deviations that could expose Microsoft environments to account takeovers, phishing, and privilege escalation attacks
  • Provide deep-dive research into Microsoft cloud attack methodologies to help enhance security product capabilities
  • Work with R&D and Engineering teams to ensure research findings translate into practical security enhancements
  • Deliver technical briefings and intelligence reports on Microsoft threat trends, attacker tactics, and detection opportunities
  • Partner with internal stakeholders to evaluate emerging threats and recommend security improvements for Microsoft cloud environments

Preferred Qualifications

  • Experience working with or building SSPM solutions for Microsoft cloud security posture management
  • Security certifications (GCTI, GCFA, CISSP, or Microsoft security-related)
  • Experience in cloud-native security research, attack simulations, or misconfiguration exploitation analysis
  • Background in SaaS security posture analysis and cloud security hardening
