Threat Researcher

Abnormal Security Corporation

United Kingdom

Remote

GBP 60,000 - 90,000

Full time

2 days ago

Job summary

A leading cybersecurity company is looking for a Threat Researcher specializing in Microsoft cloud security. Your role will involve analyzing threats, enhancing security postures, and collaborating with engineering teams to mitigate cloud security risks. This remote opportunity invites individuals with extensive threat research experience, particularly in Microsoft environments, to make impactful contributions within a dynamic team.

Benefits

Competitive Compensation
Equity in a pre-IPO startup
Flexible PTO and 12 paid holidays
Comprehensive healthcare coverage

Qualifications

  • Experienced in Microsoft cloud ecosystems and security research.
  • Robust knowledge of Microsoft security tools and attack techniques.
  • Proficient communicator for technical and non-technical stakeholders.

Responsibilities

  • Conduct threat research on Microsoft cloud security and phishing techniques.
  • Track APT groups and analyze security posture risks.
  • Work with teams to translate research into practical enhancements.

Skills

Threat Research
Cloud Security
SaaS Security Posture Management
Adversary TTP Analysis
Phishing Attack Research
SQL
PySpark
KQL

Education

5+ years in threat research or cyber threat intelligence
3+ years focused on Microsoft cloud security

Tools

Microsoft Defender for Office 365
Microsoft Defender for Identity
Microsoft Sentinel

Job description

Abnormal AI is looking for a Threat Researcher with expertise in Microsoft cloud security, threat research, and SaaS Security Posture Management (SSPM). In this position, you will look into threats against Microsoft cloud services, learn about attacker techniques, and identify security vulnerabilities. You will also work to strengthen our security and find solutions to stop these threats. You will work closely with R&D and Engineering teams to enhance security product capabilities, refine detections, and develop configuration playbooks for Azure, Microsoft 365, Defender Suite, and Entra ID. This is a fully remote position also open to UK and EMEA locations.

Who you are

Experienced in threat research, with a deep comprehension of Microsoft cloud ecosystems, SaaS security, and identity-based threats.

Robust knowledge of Microsoft security tools, including Defender for Office 365, Defender for Identity, Defender for Cloud Apps, and Sentinel.

Proficient in adversary TTP analysis, phishing attack research, misconfiguration risks, and security posture hardening.

Data-driven researcher, with experience using SQL, PySpark, KQL, and other query-based tools to analyze large datasets.

Skilled at bridging security research with engineering, ensuring insights lead to practical security improvements.

Able to successfully work within agile, cross-functional teams to enhance security in Microsoft cloud environments.

Proficient communicator, able to deliver detailed research findings to both technical and non-technical stakeholders.

What you will do

Threat Research & Adversary Tracking

Conduct in-depth research on Microsoft cloud security threats, phishing techniques, and identity-based attack vectors.

Track APT groups, financially motivated actors, and cloud-native threat campaigns targeting Azure and Microsoft 365 environments.

Analyze MFA bypass techniques, token theft, session hijacking, and adversary tactics used against Microsoft authentication mechanisms.

Reverse-engineer phishing kits, hostile systems, and cloud-based attack plans to enhance our security expertise.

Develop threat models and in-depth attack reports to inform Microsoft-focused threat intelligence.

SSPM & Security Posture Research

Research misconfigurations, security posture risks, and SaaS security gaps in Microsoft Entra ID, Azure AD, and M365 security settings.

Develop SSPM research insights and contribute to configuration playbooks to improve Microsoft cloud security posture.

Identify misconfiguration-driven threats and work with Engineering to enhance detection and mitigation strategies.

Analyze security posture deviations that could expose Microsoft environments to account takeovers, phishing, and privilege escalation attacks.

Security Research & Cross-Functional Collaboration

Provide deep-dive research into Microsoft cloud attack methodologies to help enhance security product capabilities.

Work with R&D and Engineering teams to ensure research findings translate into practical security enhancements.

Deliver technical briefings and intelligence reports on Microsoft threat trends, attacker tactics, and detection opportunities.

Partner with internal stakeholders to evaluate emerging threats and recommend security improvements for Microsoft cloud environments.

Must Haves

5+ years in threat research, cyber threat intelligence, or adversary tracking.

3+ years focused on Microsoft cloud security (Azure, M365, Defender, Entra ID, or Sentinel).

Expertise in Microsoft cloud security architecture, identity protection, SaaS security, and misconfiguration risks.

Deep knowledge of MITRE ATT&CK, Microsoft attack techniques, and adversary tradecraft.

Hands-on experience with Microsoft Defender for Office 365, Defender for Identity, and Microsoft Sentinel.

Nice to Have

Experience working with or building SSPM solutions for Microsoft cloud security posture management.

Security certifications (GCTI, GCFA, CISSP, or Microsoft security-related).

Experience in researching cloud system security, conducting attack simulations, and identifying security problems caused by configuration errors.

Background in SaaS security posture analysis and cloud security hardening.


Abnormal AI is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status or other characteristics protected by law. For our EEO policy statement please click here. If you would like more information on your EEO rights under the law, please click here.

As part of Abnormal AI's secure hiring practices, we conduct video interviews and validate applicant identity at various stages through our recruitment process. Further, if your application is successful and Abnormal AI makes a conditional offer of employment, we will carry out pre-employment checks which must be successfully completed to progress to a final offer. All processes and pre-employment checks are in line with prevailing legislation and Abnormal AI's policies relevant to our security and privacy standards.

Abnormal AI is committed to protecting your privacy. Please review our Abnormal AI Applicant Privacy Policy for full information about how Abnormal AI uses your personal information. By submitting an application you confirm that you have read and understand the Abnormal AI Applicant Privacy Policy.

About Abnormal AI

We're one of the world's fastest growing cybersecurity companies, on a mission to protect the modern workplace from the most pressing threats. Our AI-native technology was built from the ground up to tackle forward-looking security challenges, and our team works with bleeding-edge technology to keep our customers and their people safe as attacks grow ever more sophisticated.

Our team is what makes us successful, which is why we're committed to a culture of learning, ownership, and high performance, where you'll have the opportunity to accelerate your growth and unlock excellence with the support of talented colleagues.

Taking care of our team goes beyond the office. Our compensation and benefits philosophy is designed to attract, motivate, and retain top talent:

Competitive Compensation

We pay competitively to attract, reward, and retain top talent in the market.

Equity is an important part of our total comp strategy

When the company does well, we all do well. Equity is an important and exciting part of our total compensation strategy as a pre-IPO startup. We’re guided by the belief our team members should share in the financial success of our company and grant equity accordingly.

Flexible PTO

All regular salaried team members enjoy flexible PTO. We want team members to grow with us, and a big part of that is making sure our team has the opportunity to rest and recharge. We also observe 12 paid holidays every year.

Generous Healthcare Coverage for You and Your Family

Taking care of our team goes beyond the office. In the US, we cover 100% of employee health care premium costs, and up to 100% for dependents, depending on the plan. Internationally, we offer similarly generous coverage, customized to each country in which we operate.

Fully Distributed Workforce

Operating as a globally-distributed, majority remote company means we get to work with talented folks, no matter where they live. We prioritize a balance of deep focus time with Zoom meetings, and regular in-person events.

As a fast growing startup, we continuously review, improve, and personalize our benefits offerings based on the team’s input. Don’t see something that’s important to you? Let us know!

Our Interview Process

We value transparency at Abnormal, and our interview process is no exception.

Privacy Policy

Learn more about Abnormal's Privacy Policy here.

We have been made aware that there are potential scammers posing as Abnormal AI recruiters. Please ensure that any communication you have with our recruitment team comes from an official Abnormal email domain. Your safety and privacy are important to us, and we will never request sensitive personal information outside of our secure application process. Thank you for helping us maintain a secure and trustworthy application experience. Should you encounter what you believe to be a scamming attempt at any time in your recruiting process, please let us know at security@abnormalsecurity.com
