- Experienced in threat research, with a deep comprehension of Microsoft cloud ecosystems, SaaS security, and identity-based threats.
- Robust knowledge of Microsoft security tools, including Defender for Office 365, Defender for Identity, Defender for Cloud Apps, and Sentinel.
- Proficient in adversary TTP analysis, phishing attack research, misconfiguration risks, and security posture hardening.
- Data-driven researcher, with experience using SQL, PySpark, KQL, and other query-based tools to analyze large datasets.
- Skilled at bridging security research with engineering, ensuring insights lead to practical security improvements.
- Able to successfully work within agile, cross-functional teams to enhance security in Microsoft cloud environments.
- Proficient communicator, able to deliver detailed research findings to both technical and non-technical stakeholders.
- Conduct in-depth research on Microsoft cloud security threats, phishing techniques, and identity-based attack vectors.
- Track APT groups, financially motivated actors, and cloud-native threat campaigns targeting Azure and Microsoft 365 environments.
- Analyze MFA bypass techniques, token theft, session hijacking, and adversary tactics used against Microsoft authentication mechanisms.
- Reverse-engineer phishing kits, hostile systems, and cloud-based attack plans to enhance our security expertise.
- Develop threat models and in-depth attack reports to inform Microsoft-focused threat intelligence.
- Research misconfigurations, security posture risks, and SaaS security gaps in Microsoft Entra ID, Azure AD, and M365 security settings.
- Develop SSPM research insights and contribute to configuration playbooks to improve Microsoft cloud security posture.
- Identify misconfiguration-driven threats and work with Engineering to enhance detection and mitigation strategies.
- Analyze security posture deviations that could expose Microsoft environments to account takeovers, phishing, and privilege escalation attacks.
- Provide deep-dive research into Microsoft cloud attack methodologies to help enhance security product capabilities.
- Work with R&D and Engineering teams to ensure research findings translate into practical security enhancements.
- Deliver technical briefings and intelligence reports on Microsoft threat trends, attacker tactics, and detection opportunities.
- Partner with internal stakeholders to evaluate emerging threats and recommend security improvements for Microsoft cloud environments.
- 5+ years in threat research, cyber threat intelligence, or adversary tracking.
- 3+ years focused on Microsoft cloud security (Azure, M365, Defender, Entra ID, or Sentinel).
- Expertise in Microsoft cloud security architecture, identity protection, SaaS security, and misconfiguration risks.
- Deep knowledge of MITRE ATT&CK, Microsoft attack techniques, and adversary tradecraft.
- Hands-on experience with Microsoft Defender for Office 365, Defender for Identity, and Microsoft Sentinel.
- Experience working with or building SSPM solutions for Microsoft cloud security posture management.
- Security certifications (GCTI, GCFA, CISSP, or Microsoft security-related).
- Experience in researching cloud system security, conducting attack simulations, and identifying security problems caused by configuration errors.
- Background in SaaS security posture analysis and cloud security hardening.
Abnormal AI is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status or other characteristics protected by law. For our EEO policy statement please click here. If you would like more information on your EEO rights under the law, please click here.
Similar Jobs
What We Do
The Abnormal Security platform protects enterprises from targeted email attacks. Abnormal Behavior Technology (ABX) models the identity of both employees and external senders, profiles relationships and analyzes email content to stop attacks that lead to account takeover, financial damage and organizational mistrust. Though one-click, API-based Office 365 and G Suite integration, Abnormal sets up in minutes and does not disrupt email flow. Abnormal Security was founded in 2018 by CEO Evan Reiser, CTO Sanjay Jeyakumar, Head of Machine Learning Jeshua Bratman, and Founding Engineers Abhijit Bagri and Dmitry Chechik. The team previously built behavioral profiling and machine learning technologies at Twitter, Google and Pinterest that are being applied to solve a problem that costs organizations $1 billion per year, according to the FBI. The Abnormal Security platform stops targeted phishing, business email compromise and account takeover attacks that have never been seen before.
