Expoint – all jobs in one place

Microsoft Security Operations Analyst
Taiwan, Taoyuan City
445665881

16.10.2025
Required Qualifications:

  • Graduate degree in engineering or equivalent discipline.
  • Experience in cybersecurity (SOC, IR, Threat Hunting, Red Team).
  • Hands-on experience with SIEM, EDR, and cloud-native security tools (Microsoft XDR, Sentinel, CrowdStrike, etc.).
  • Experience with at least one cloud platform (Azure, AWS, GCP) and its associated security services and configurations.
  • Proficiency in KQL, Python, or similar scripting languages for data analysis and automation.
  • Strong knowledge of MITRE ATT&CK, Cyber Kill Chain, and adversary TTPs.
  • Familiarity with operating system internals (Windows, Linux) and endpoint/network forensics.
  • Certifications like CISSP, OSCP, CEH, GCIH, AZ-500, SC-200 or similar/equivalent are a plus.

Preferred Qualifications:

  • Strong problem-solving and analytical mindset.
  • Excellent communication skills, able to explain technical risks to non-technical stakeholders.
  • Collaborative, team-first approach with ability to influence without direct authority.
  • Continuous learner with a passion for security.
Responsibilities

  • Monitor, triage, and respond to security incidents using alerts and incidents from Microsoft Defender products (MDE, MDI, MDO, MDA, MDC, etc.).
  • Perform proactive, hypothesis-driven threat hunting using telemetry from endpoints, identities, cloud, and network.
  • Develop hunting queries using Kusto Query Language (KQL) or similar to uncover suspicious patterns and behaviors.
  • Investigate security incidents across hybrid environments and contribute to root cause analysis and containment strategies.
  • Collaborate with internal teams (defender, threat intelligence, engineering) to enhance detection logic, develop automations, and improve incident response workflows.
  • Contribute to incident documentation, detection playbooks, and operational runbooks.
  • Stay current with evolving threat landscapes, cloud attack vectors, and advanced persistent threats (APT).