Microsoft Threat Hunter II 

Taiwan, Taoyuan City 

915447977

Basic Qualifications:

• 4–7 years of experience in cybersecurity (SOC, IR, threat hunting, red team, or malware analysis).
• Hands-on experience with SIEM, EDR, and cloud-native security tools (M365 Defender, Sentinel, CrowdStrike, etc.).
• Experience with at least one cloud platform (Azure, AWS, GCP) and its associated security services and configurations.
• Proficiency in KQL, Python, or similar scripting languages for data analysis and automation.
• Strong knowledge of MITRE ATT&CK, Cyber Kill Chain, and adversary TTPs.
• Familiarity with operating system internals (Windows, Linux) and endpoint/network forensics

Preferred Qualifications:

• Hands-on experience with Microsoft Defender XDR tools (MDE, MDI, MDO), Microsoft Sentinel, or other EDR/XDR platforms.
• Knowledge of cloud workload protection, SIEM, or threat intelligence platforms.
• Certifications like CISSP, OSCP, CEH, GCIH, AZ-500, SC-200 or similar/equivalent are a plus.

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check:
- This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter.

• Work Environment: • Role may involve 24x7 coverage, shift-based support, or on-call rotations based on business needs. • Hybrid work model requiring 3 days per week in office; flexibility may vary based on team or location-specific guidelines. • Open to candidates from diverse professional backgrounds with demonstrable cybersecurity knowledge and technical aptitude.

Responsibilities:

• Monitor, triage, and respond to security incidents using tools like Microsoft Defender for Endpoint (MDE), Defender for Identity (MDI), Defender for Office (MDO) and Microsoft Defender for Cloud Apps (MCAS)
• Perform proactive threat hunting and detection engineering using telemetry from endpoints, identities, cloud, and network.
• Develop hunting queries using Kusto Query Language (KQL) or similar to identify suspicious patterns and behaviors.
• Investigate security incidents across hybrid environments and contribute to root cause analysis and containment strategies.
• Collaborate with internal teams (defender, threat intelligence, engineering) to enhance detection logic, develop automations, and improve incident response workflows.
• Contribute to incident documentation, detection playbooks, and operational runbooks.
• Stay current with evolving threat landscapes, cloud attack vectors, and advanced persistent threats (APT).