Microsoft Defender Experts provides expert-led services that help organizations defend against advanced cyberthreats, build long‑term resilience, and modernize security operations with confidence. The Microsoft Defender Experts combines managed extended detection and response (MXDR), end-to-end proactive and reactive incident response, and direct access to a designated Microsoft security advisor to help you protect your organization and accelerate security outcomes.

We are seeking for a passionate cybersecurity professionals to join our growing team of Defenders. In this role, you will proactively perform Threat Hunting to detect advanced attacks, investigate, and respond to it across enterprise environments using cutting-edge and AI enabled security tools and threat intelligence. The ideal candidate combines strong security expertise with a curious mindset and skills to conduct deep threat analysis.

• Monitor, triage, and respond to security incidents using alerts and incidents from Microsoft Defender products (MDE, MDI, MDO, MDA, MDC, Sentinel etc.)
• Perform proactive threat hunting using hypothesis, and telemetry from endpoints, identities, cloud and network.
• Develop hunting queries using Kusto Query Language (KQL) or similar to uncover suspicious patterns and behaviours.
• Investigate security incidents across hybrid environments and contribute to root cause analysis and containment strategies.
• Collaborate with internal teams (defender, threat intelligence, engineering) to enhance detection logic, develop automations, and improve incident response workflows.
• Contribute to incident documentation, detection playbooks, and operational runbooks.
• Stay current with evolving threat landscapes, cloud attack vectors, and advanced persistent threats (APT).
• Develop necessary automation (e.g. using Jupyter Notebooks) to scale Threat Hunting.

• Graduate degree in engineering or equivalent discipline.
• 7–15 years of experience in cybersecurity (SOC, IR, Threat Hunting, Red Team).
• Hands-on experience with SIEM, EDR, and cloud-native security tools (Microsoft XDR, Sentinel, CrowdStrike, etc.).
• Good experience with at least one cloud platform (Azure, AWS, GCP) and its associated security services and configurations.
• Proficiency in KQL, Python, or similar scripting languages for data analysis and automation.
• Strong knowledge of MITRE ATT&CK, Cyber Kill Chain, and adversary TTPs.
• Familiarity with operating system internals (Windows, Linux) and endpoint/network forensics.

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.