
Microsoft Security Research 
Taiwan, Taoyuan City 
7497412

17.07.2025

Required Qualifications

  • Graduate degree in engineering or equivalent discipline.
  • 1–3 years of experience in cybersecurity (SOC, IR, Threat Hunting, Red Team).
  • Hands-on experience with SIEM, EDR, and cloud-native security tools (Microsoft XDR, Sentinel, CrowdStrike, etc.).
  • Experience with at least one cloud platform (Azure, AWS, GCP) and its associated security services and configurations.
  • Familiarity with KQL, Python, or similar scripting languages for data analysis and automation.
  • Strong knowledge of MITRE ATT&CK, Cyber Kill Chain, and adversary TTPs.
  • Familiarity with operating system internals (Windows, Linux) and endpoint/network forensics.

Preferred Qualifications

  • Certifications such as CISSP, OSCP, CEH, GCIH, AZ-500, SC-200, or similar/equivalent are a plus.

Responsibilities
  • Monitor, triage, and respond to security incidents using alerts and incidents from Microsoft Defender products (MDE, MDI, MDO, MDA, MDC, etc.).
  • Perform proactive, hypothesis-driven threat hunting using telemetry from endpoints, identities, cloud, and network.
  • Develop hunting queries using Kusto Query Language (KQL) or similar to uncover suspicious patterns and behaviors.
  • Investigate security incidents across hybrid environments and contribute to root cause analysis and containment strategies.
  • Collaborate with internal teams (defender, threat intelligence, engineering) to enhance detection logic, develop automations, and improve incident response workflows.
  • Contribute to incident documentation, detection playbooks, and operational runbooks.
  • Stay current with evolving threat landscapes, cloud attack vectors, and advanced persistent threats (APT).