CrawlJobs Logo

Senior Security Analyst

United States, Multiple Locations Employment contract 119800.00 - 234700.00 USD / Year · Job Posted June 30, 2026
Apply Position
Job Link Share

Job Description

The Cyber Defense Investigations – Escalations (CDI-ESC) team is Microsoft's deep-dive investigative arm within Cyber Defense Operations (CDO). We lead the most complex, high-severity, and nation-state security incidents across Microsoft's first-party cloud estate, conducting root cause analysis, blast radius assessment, threat actor attribution, and intelligence-driven hunting. Our work directly disrupts adversaries targeting Microsoft and our customers, and feeds platform-level fixes, detections, and intelligence back into the ecosystem. Join Microsoft's CDI Escalations team and work at the forefront of cyber defense, investigating the most complex nation-state, supply chain, cloud, and identity-based attacks targeting Microsoft. Our team goes beyond traditional incident response, we combine deep investigations, threat hunting, intelligence operationalization, and cross-organizational collaboration to identify adversaries, drive platform-wide security improvements, and build defenses that prevent future attacks. You'll partner with leaders across MSTIC, GHOST, Detection Engineering, and service teams, leverage AI-powered investigation techniques, and directly influence Microsoft's security posture while solving some of the industry's hardest security challenges. We are looking for a Senior Security Analyst to join the team! Starting February, 2026, Microsoft employees are expected to work from a designated Microsoft office at least three days a week if they live within 50 miles (U.S.) or 25 miles (non-U.S., country-specific) of that location. This expectation is subject to local law and may vary by jurisdiction.

Job Responsibility

  • Lead deep-dive investigations into the most complex and high-severity security incidents, including root cause analysis, blast radius assessment, threat actor attribution, and impact/scope determination
  • Proactively hunt across Microsoft's cloud and identity telemetry (e.g., MSTIC, Kusto/ADX, ArmProd, ESTS) to surface emerging threats and operationalize threat intelligence into queries, notebooks, and detection logic
  • Drive cross-team response for nation-state, supply chain (npm, GitHub, OpenVSX), and identity-based compromises - partnering with MSTIC, OpsHub, Detection Engineering, Evictions, and Service teams to contain and remediate at scale
  • Translate investigation findings into durable improvements - new detections, platform fixes, playbooks, and process changes - so the same class of attack does not succeed twice
  • Raise the bar on investigation quality, contributing to documented standards, peer reviews, and measurable rigor across incidents, hunts, and forensics
  • Leverage AI and Copilot technologies to accelerate triage, evidence collection, and analysis, helping the team stay ahead of attackers operating at machine speed
  • Mentor and uplevel peers in advanced investigation techniques, threat actor tradecraft, and reverse engineering, building a strong culture of investigative excellence

Requirements

  • Doctorate in Statistics, Mathematics, Computer Science, or related field OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • OR equivalent experience
  • Candidates must be able to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter

Nice to have

  • Bachelor's degree in Computer Science, Information Security, a related technical field, AND 4+ years of experience in cybersecurity, incident response, coordination and presentation with executive level professionals, threat hunting, or security investigations
  • OR equivalent experience (6+ years of hands-on security investigation/forensic experience in lieu of degree)
  • 3+ years of experience conducting security investigations in large-scale cloud or enterprise environments (Azure, AWS, GCP, or M365)
  • Demonstrated experience with log analysis and query languages (KQL/Kusto, SQL, or equivalent) across SIEM, identity, endpoint, or cloud telemetry
  • Working knowledge of modern attacker tradecraft, the MITRE ATT&CK framework, and common cloud/identity attack paths (e.g., token theft, OAuth abuse, supply chain compromise)
  • Experience investigating nation-state or financially motivated threat actors and producing attribution-quality analysis
  • Hands-on experience with supply chain compromise investigations (npm, GitHub Actions, OpenVSX, signing/artifact abuse) or identity-plane incidents (Entra ID/AAD, ESTS, federation)
  • Familiarity with Microsoft security data sources - MDC, Defender XDR, Sentinel, Azure Resource Graph
  • Experience building or consuming AI/Copilot-assisted investigation tooling, automation, or notebooks to scale analyst workflows
  • Strong written communication - able to produce executive-ready investigation reports, retrospectives, and cross-org technical briefs
  • Industry certifications such as GCFA, GCIH, GCFE, GREM, OSCP, CISSP, or equivalent
  • Prior experience working in CIRT function

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Senior Security Analyst

8 matching positions

New

Senior Security Analyst

Made Tech helps UK public sector organisations build and run secure, user-centre...
Location
Location
United Kingdom , Any UK Office Hub (Bristol / London / Manchester / Swansea)
Salary
Salary:
50000.00 - 60000.00 GBP / Year
madetech.com Logo
Made Tech
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Hold one of the following - Systems Security Certified Practitioner (SSCP), CompTIA Security+, or an equivalent foundational operational security credential expected of Senior SOC analysts
  • Certifications that would strengthen your application: Certified Cloud Security Professional (CCSP), CompTIA Advanced Security Practitioner (CASP+), HTB Certified Defensive Security Analyst (HTB CDSA)
  • Experience applying structured analytical techniques - ACH, key-assumptions checks, or similar, to produce rigorous, bias-resistant intelligence assessments, and comfort peer-reviewing others' analytic tradecraft
  • Working knowledge of cloud security event investigation and cloud detection tuning, particularly across AWS, Azure, or GCP environments, including understanding of infrastructure-level telemetry
  • Experience framing security findings in risk terms for non-technical stakeholders — communicating likelihood, impact, and recommended treatment clearly, and reflecting asset criticality and threat context in prioritisation decisions
  • Evidence of building or improving SOAR playbooks, automated triage workflows, or equivalent automation that reduced analyst toil in a SOC or detection-engineering context
  • Familiarity with UK government security frameworks — in particular the NCSC CAF, GovAssure, and HMG Security Policy Framework — and experience aligning detection or response work to those standards in a government or regulated environment
  • Experience working within an agile or Kanban-based team model, contributing to workflow improvement, running or participating in retrospectives, and helping the team improve its own practices — not just delivering within them
  • Experience acting as a trusted working-level contact for client security stakeholders — anchoring on their actual outcomes, raising concerns or opportunities proactively, and contributing subject-matter expertise to proposals or bids
  • Hands-on experience with at least one major SIEM platform (for example, Splunk, Microsoft Sentinel, or Elastic Security) including writing and tuning detection rules
Job Responsibility
Job Responsibility
  • Lead threat hunts and intrusion investigations
  • Author, tune, and peer-review detection content
  • Own sub-cycles of the intelligence lifecycle
  • Lead incident response and drive improvement
  • Build SOAR playbooks and auto-triage
  • Align security operations to UK public sector standards
  • Mentor junior analysts and raise team standards
  • Contribute to the practice beyond your immediate engagement
What we offer
What we offer
  • 30 days Holiday
  • Flexible Working Hours
  • Flexible Parental Leave
  • Remote Working
  • Paid counselling
  • SC Eligibility
  • Smart Tech scheme
  • Cycle to work scheme
  • Individual benefits allowance which you can invest in a Health care cash plan or Pension plan
  • Optional social and wellbeing calendar of events
  • Fulltime
Read More
Arrow Right

Senior Security Analyst

You will work as part of a 24/7 Global Security Operations Centre. The Senior SO...
Location
Location
United Kingdom
Salary
Salary:
Not provided
admiralgroup.co.uk Logo
Admiral Group Plc
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 3+ years’ experience as a Senior SOC Analyst within an internal SOC environment
  • Strong experience in a SOC environment, including handling high‑severity incidents
  • Deep understanding of attacker tradecraft across endpoint, identity, cloud, and email attack surfaces
  • Hands‑on experience with SIEM, EDR, and security investigation platforms
  • Proven threat hunting experience using dashboards, structured queries, and behavioural analytics
  • Experience tuning detections and implementing well‑governed exclusions without increasing risk
  • Ability to clearly document investigations, decisions, and outcomes
  • Experience using AI or machine‑learning features within security products
  • Familiarity with SOAR workflows and automation concepts
  • Knowledge of detection engineering concepts and use‑case lifecycle management
Job Responsibility
Job Responsibility
  • Act as senior escalation point for complex/high-severity alerts across SIEM, EDR, cloud and identity platforms
  • Lead end-to-end incident response (investigation, containment, eradication, and post-incident review)
  • Correlate alerts with threat intelligence and business context to assess risk and impact
  • Produce clear investigation summaries for technical and non-technical stakeholders
  • Collaborate closely with Incident Response during escalations
  • Use AI-enabled features across SOC tooling to accelerate analysis and investigations
  • Apply strong judgement to validate AI outputs and avoid automation bias
  • Provide feedback to improve tooling, workflows, and AI effectiveness
  • Support development of safe and consistent AI usage standards within the SOC
  • Conduct proactive threat hunting using queries, dashboards and behavioural analytics
What we offer
What we offer
  • Up to £3,600 of free shares each year after one year of service
  • 33 days holiday (including bank holidays) increasing to up to 38 days
  • Option to buy or sell up to an additional five days of annual leave
  • Financial & Mortgage Advice
  • 24-Hour Ecare
  • Cycle to Work Scheme
  • Flexible Working
  • Simply Health
  • Private Health Cover
  • Critical Illness Cover
  • Fulltime
Read More
Arrow Right

Senior Security Analyst

The Cloud & AI organization accelerates Microsoft's mission and bold ambitions t...
Location
Location
United States , Multiple Locations
Salary
Salary:
119800.00 - 234700.00 USD / Year
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Doctorate in Statistics, Mathematics, Computer Science, or related field OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response OR equivalent experience
  • Candidates must be able to meet Microsoft, customer and/or government security screening requirements are required for this role
  • Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter
Job Responsibility
Job Responsibility
  • Rapid threat investigations for all first party Microsoft security incidents
  • High severity adversary response, including root cause, blast radius, and attacker behavior analysis
  • Uplifting defenses through intelligence driven detective and preventive controls
What we offer
What we offer
  • Benefits and other compensation
  • certain roles may be eligible for additional pay
  • Fulltime
Read More
Arrow Right

Cloud Security Senior Cyber Security Analyst

For this activity, we are looking for a Senior Cloud & On-Premises Infrastructur...
Location
Location
India , Bengaluru
Salary
Salary:
Not provided
https://www.soprasteria.com Logo
Sopra Steria
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 4+ years of experience designing and delivering complex cloud and on-premises infrastructures
  • Strong knowledge of security tools such as SSPM, DSPM, or CNAPP
  • Ability to write clear and structured technical documentation
  • Strong knowledge of SaaS environments (Google Workspace, ServiceNow, Workday, Salesforce)
  • Proven experience onboarding solutions in hybrid environments (cloud and on-premises)
  • Knowledge of security frameworks such as NIST, CIS, MITRE ATT&CK, and MITRE D3FEND
  • Knowledge of the CrowdStrike Falcon® Shield solution (formerly Adaptive Shield)
  • Strong expertise in cloud architecture (networking, compute, identity, storage, governance)
  • Cloud Certifications - Google, AWS / Azure
  • Engineering Graduate - preferably B.E. /B.Tech in IT or Computer Engineering
Job Responsibility
Job Responsibility
  • Configure the SSPM solution (SaaS)
  • Create a simple SSPM training material
  • Onboarding 4 SaaS applications = Google Workspace, ServiceNow, Workday, Salesforce on the SSPM
  • Define the SaaS hardening baseline
  • Configure the SSPM alerts
  • Produce a detailed SSPM training manual aligned with the customer environment
  • Collaborate with the customer SaaS team to integrate SaaS applications into the SSPM tool, ensuring security rules are correctly implemented
  • Collaborate with the customer SaaS team to configure alerts within the SSPM solution
  • Fulltime
Read More
Arrow Right

Senior Information Security Cyber Security Data Analyst

Senior Information Security Cyber Security Data Analyst – Assistant Vice Preside...
Location
Location
India , Pune
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 8-12 years of relevant experience in Cyber Security, Information security, primarily into building data pipelines, Data collection and management, Data transformation etc.
  • Building Data Pipelines: Creating systems for collecting, storing, and transforming data from various sources. Impala, Hive
  • Data Collection and Management: Data engineers are responsible for gathering data from various sources, ensuring its quality, and making it accessible for analysis.
  • Data Transformation: They convert raw data into usable formats, often using ETL (Extract, Transform, Load) processes, to big data platform of Hadoop, Cloud technologies like DataBricks and Snowflake to make it suitable for analysis and reporting.
  • Applicable Certifications or willingness to earn within 12 months of joining
  • Consistently demonstrates clear and concise written and verbal communication
  • Proven influencing and relationship management skills
  • Proven analytical skills
  • Bachelor’s degree/University degree or equivalent experience
Job Responsibility
Job Responsibility
  • Identify potential information security (IS) risks and make recommendations for enhancement
  • Collect and analyze security risk evidence and coordinate with internal and external compliance and auditing agencies / officials
  • Execute meetings and communicate complex security topics and safe IS practices with all levels of the organization
  • Ensure that controls are utilized daily and that non-compliance remediation is addressed
  • Provide IS consulting services, including interpreting and/or clarifying information security policy, procedures, standards or concepts
  • Assist with defining and implementing IS standards to align procedures and practices in compliance with Citi standards
  • Educate and advise on safe information security practices and current, changing, and/or recommended information security requirements
  • Validate compliance with IS policies, practices, and procedures, and resolve a variety of IS related issues in coordination with the business
  • Assume informal/formal mentorship role within teams and assist with the coaching and training of new team members
  • Has the ability to operate with a limited level of direct supervision.
  • Fulltime
Read More
Arrow Right

Senior Analyst – Security Operations Center, Operations Technology

Are You Ready to Make It Happen at Mondelēz International? Join our Mission to L...
Location
Location
Philippines
Salary
Salary:
Not provided
remotivatejobs.com Logo
RemotivateJobs
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Information security, compliance and risk management
  • Security solutions and their applicability to Mondelēz International
  • Security strategies, awareness campaigns, policies/standards and governance
  • Communicating effectively with technical specialists, leaders and peers
  • Analytical and problem-solving abilities
  • Being a team player by supporting and leading to achieve common goals
Job Responsibility
Job Responsibility
  • Assess information security risks in line with internal policy and external best practices
  • Support the security of information and IT assets by testing security systems and applying security standards, policies, and procedures
  • Under the guidance of the global information security lead, implement cyber security technology and provide day-to-day business support
  • Manage third-party providers to ensure that any internal or third-party adhere to standards
  • Provide information security training to appropriate teams
  • Fulltime
Read More
Arrow Right

Email Security Senior Analyst (Vice President)

The Email Security Senior Analyst is responsible for providing expert support an...
Location
Location
Singapore , Singapore
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree or equivalent work experience
  • IS Certifications are desired (CISSP, GSEC, GCFA,GREM, Security+, CISA, CISM). Email vendor certifications a plus
  • Strong experience with configuration, administering, troubleshooting email routing and filtering in Exchange, Exchange Online, Proofpoint and other enterprise level email security gateways (such as inbound routes, whitelists, email firewall rules, spam/AV, logging/reporting, TAP, TRAP, domain rewrites, secure messaging and recipient verification)
  • Experience in analyzing domain email activity and deploying SPF, DKIM and DMARC authentication
  • Experience with enterprise phishing defense concepts and technologies
  • Minimum 3+ years working in security engineering or security operations role, with a focus on email security
  • Cross-functional understanding of email operations, security practices and the user experience
  • Highly technical and analytical expertise, with a proven deep background (preferred 5+ years’ IT experience in addition to cybersecurity) in technology design, implementation, and delivery
  • Strong understanding of and demonstrated experience with the tools and sources available to conduct email and threat analysis
  • Ability to identify and develop new processes to address cross-functional and cross-business requirements and implement
Job Responsibility
Job Responsibility
  • Provide expertise and experience to existing and future functions and projects focused on email threats and controls
  • Actively monitor and research cyber threats with a direct or indirect impact to the Citi brand
  • Analyze and provide oversight of analysis of email threats and controls
  • Provide leadership, solution design, and hands-on development support for email security controls
  • Develop and manage processes to track identified incidents to resolution
  • Develop weekly, monthly, quarterly, and annual metrics and reports as needed
  • Develop written analytical reports and give presentations on findings
  • Triage information received from vendors and process that information through previously defined internal workflows
  • Manage third party vendors to ensure proper delivery of services
  • Manage meetings with internal stakeholders to address open issues and identify process improvements
  • Fulltime
Read More
Arrow Right

Information Security Senior Analyst

The Information Security Senior Analyst is an intermediate level position respon...
Location
Location
Hungary , Budapest
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5-8 years of relevant experience
  • Applicable Certifications (CISSP, CISA, CISM, CRISC or equivalent) or willingness to earn within 12 months of joining
  • Consistently demonstrates clear and concise written and verbal communication
  • Proven influencing and relationship management skills
  • Proven analytical skills
  • Fluent English
  • Bachelor’s degree/University degree or equivalent experience
Job Responsibility
Job Responsibility
  • Identify potential information security (IS) risks and make recommendations for enhancement
  • Collect and analyze security risk evidence and coordinate with internal and external compliance and auditing agencies / officials
  • Execute meetings and communicate complex security topics and safe IS practices with all levels of the organization
  • Ensure that controls are utilized daily and that non-compliance remediation is addressed
  • Provide IS consulting services, including interpreting and/or clarifying information security policy, procedures, standards or concepts
  • Assist with defining and implementing IS standards to align procedures and practices in compliance with Citi standards
  • Educate and advise on safe information security practices and current, changing, and/or recommended information security requirements
  • Validate compliance with IS policies, practices, and procedures, and resolve a variety of IS related issues in coordination with the business
  • Assume informal/formal mentorship role within teams and assist with the coaching and training of new team members
  • Has the ability to operate with a limited level of direct supervision
What we offer
What we offer
  • Cafeteria Program
  • Home Office Allowance (for colleagues working in hybrid work models)
  • Paid Parental Leave Program (maternity and paternity leave)
  • Private Medical Care Program and onsite medical rooms at our offices
  • Pension Plan Contribution to voluntary pension fund
  • Group Life Insurance
  • Employee Assistance Program
  • Access to a wide variety of learning and development programs, online course libraries and upskilling platforms, such as Udemy and Degreed
  • Flexible work arrangements to support you in managing work - life balance
  • Career progression opportunities across geographies and business lines
  • Fulltime
Read More
Arrow Right