Threat Researcher

at Abnormal Security
  • Remote - United Kingdom, Europe

Remote

Cybersecurity

Mid-level

Job description

About the Role

Abnormal Security is looking for a Threat Researcher with expertise in Microsoft cloud security, threat research, and SaaS Security Posture Management (SSPM). In this role, you will conduct deep-dive research on Microsoft cloud threats, adversary techniques, and misconfigurations, while also contributing to security posture improvements and mitigation strategies. You will work closely with R&D and Engineering teams to enhance security product capabilities, refine detections, and develop configuration playbooks for Azure, Microsoft 365, Defender Suite, and Entra ID.

Who you are

  • Experienced in threat research, with a deep understanding of Microsoft cloud ecosystems, SaaS security, and identity-based threats.
  • Strong knowledge of Microsoft security tools, including Defender for Office 365, Defender for Identity, Defender for Cloud Apps, and Sentinel.
  • Proficient in adversary TTP analysis, phishing attack research, misconfiguration risks, and security posture hardening.
  • Data-driven researcher, with experience using SQL, PySpark, KQL, and other query-based tools to analyze large datasets.
  • Skilled at bridging security research with engineering, ensuring insights lead to practical security improvements.
  • Comfortable working in agile, cross-functional teams, driving security posture improvements across Microsoft cloud environments.
  • Strong communicator, able to deliver detailed research findings to both technical and non-technical stakeholders.

What you will do

Threat Research & Adversary Tracking

  • Conduct in-depth research on Microsoft cloud security threats, phishing techniques, and identity-based attack vectors.
  • Track APT groups, financially motivated actors, and cloud-native threat campaigns targeting Azure and Microsoft 365 environments.
  • Analyze MFA bypass techniques, token theft, session hijacking, and adversary tactics used against Microsoft authentication mechanisms.
  • Reverse-engineer phishing kits, adversary infrastructure, and cloud-native attack methodologies to enhance security insights.
  • Develop threat models and in-depth attack reports to inform Microsoft-focused threat intelligence.

SSPM & Security Posture Research

  • Research misconfigurations, security posture risks, and SaaS security gaps in Microsoft Entra ID, Azure AD, and M365 security settings.
  • Develop SSPM research insights and contribute to configuration playbooks to improve Microsoft cloud security posture.
  • Identify misconfiguration-driven threats and work with Engineering to enhance detection and mitigation strategies.
  • Analyze security posture deviations that could expose Microsoft environments to account takeovers, phishing, and privilege escalation attacks.

Security Research & Cross-Functional Collaboration

  • Provide deep-dive research into Microsoft cloud attack methodologies to help enhance security product capabilities.
  • Work with R&D and Engineering teams to ensure research findings translate into practical security enhancements.
  • Deliver technical briefings and intelligence reports on Microsoft threat trends, attacker tactics, and detection opportunities.
  • Partner with internal stakeholders to evaluate emerging threats and recommend security improvements for Microsoft cloud environments.

Must Haves

  • 5+ years in threat research, cyber threat intelligence, or adversary tracking.
  • 3+ years focused on Microsoft cloud security (Azure, M365, Defender, Entra ID, or Sentinel).
  • Expertise in Microsoft cloud security architecture, identity protection, SaaS security, and misconfiguration risks.
  • Strong data analysis skills with experience using SQL, PySpark, KQL, or similar tools to analyze cloud-based threats.
  • Deep knowledge of MITRE ATT&CK, Microsoft attack techniques, and adversary tradecraft.
  • Hands-on experience with Microsoft Defender for Office 365, Defender for Identity, and Microsoft Sentinel.

Nice to Have

  • Experience working with or building SSPM solutions for Microsoft cloud security posture management.
  • Security certifications (GCTI, GCFA, CISSP, or Microsoft security-related).
  • Experience in cloud-native security research, attack simulations, or misconfiguration exploitation analysis.
  • Background in SaaS security posture analysis and cloud security hardening.

#LI-LB3

Share this job:
Please let Abnormal Security know you found this job on Remote First Jobs 🙏

Similar Remote Jobs

Abnormal Security logo

Abnormal Security

Cloud-Native Email Security

  • Founded in 2018
  • 88 remote jobs

Latest Jobs at Abnormal Security

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service 🙏

Apply now