Threat Context Analyst - Microsoft : Job Details

The Microsoft Threat Analysis Center (MTAC) is looking for a threat AI investigator in the role of Threat Context Analyst who will focus on identifying and mitigating AI abuses. This role involves tracking and investigating sophisticated actors, ranging from nation-state threat groups to influence-for-hire actors, and beyond. They will contribute to MTAC's mission to detect, assess, and disrupt digital threats to Microsoft, its customers, and governments worldwide. MTAC is part of the Customer Security & Trust (CST) organization within Microsoft's Corporate, External, and Legal Affairs (CELA) group.

In this role, the analyst will focus on identifying and mitigating AI abuses on Microsoft's platforms and beyond. This role involves tracking and investigating sophisticated actors, ranging from nation-state threat groups to influence-for-hire actors. In this role you will possess both deep geopolitical knowledge and the technical ability to build workflows that reliably surface and track these actors and their influence sets, conducting thorough investigations. They will also write and brief on a broader set of analytic findings, integrating open-source information with historical analysis to communicate succinctly and effectively to executives, government officials and public audiences.

Responsibilities

• Research and assess cyber and malign influence threats at tactical and strategic levels by drawing on information from social media accounts and websites, foreign policy priorities and perspectives from open-source reporting.

• Understand the components of generative AI and how technology stacks produce AI outputs.

• Identify and triage AI abuses based on behavioral and technical indicators.

• Write threat intelligence reports for audiences on adversary influence actors, networks, and operations powered by artificial intelligence (AI).

• Work closely with the broader Microsoft Threat Intelligence team in its investigations of nation state cyber, influence, and AI-first actor investigations.

• Develop engaging presentations and brief various stakeholders under tight deadlines.?

• Follow innovative, non-intrusive, law-abiding methods for detecting, diagnosing, and deterring the most advanced and prolific threats in the information environment.

Qualifications

Required/minimum qualifications

• Master's Degree in Mathematics, Analytics, Engineering, Computer Science, Marketing, Business, Economics or related field AND 1+ year(s) experience investigating a combination of cyber and influence operations in either the public sector, private sector or a combination of the two

• OR Bachelor's Degree in Statistics, Finance, Mathematics, Analytics, Engineering, Computer Science, Marketing, Business, Economics or related field AND 2+ years experience investigating a combination of cyber and influence operations in either the public sector, private sector or a combination of the two

• OR equivalent experience.

• Proficiency in data wrangling and processing pipelines using tools such as pandas, NumPy, or PySpark and fluency in Python and SQL tools with experience collecting large-scale data, building analytics/automation pipelines, creating dashboards, and communicating data-driven insights to non-technical partners.

• Experience building exploratory predictive models, including rapid profiling of new data sets and application of lightweight ML/statistics (clustering, anomaly detection, baseline classifiers/regressors) to surface trends and generate actionable insights and forecasts.

Additional or preferred qualifications

• Deep understanding of how generative AI systems work end-to-end, from data collection and pretraining through fine-tuning and inference.

• Extensive hands-on use of LLMs and experience red-teaming or evaluating failure modes (jailbreaks, hallucinations, bias, prompt injection, leakage)

• Understanding of AI prompt engineering and prompt attack methods (e.g., prompt injection, indirect prompt leakage, prompt leaking across contexts).

• Ability to distinguish different threat actor techniques for employing generative AI and how they can be correlated to attribute threat actors.

Other Requirements:

• Citizenship & Citizenship Verification: This role will require access to information that is controlled for export under export control regulations, potentially under the U.S. International Traffic in Arms Regulations or Export Administration Regulations, the EU Dual Use Regulation, and/or other export control regulations. ?As a condition of employment, the successful candidate will be required to provide either proof of their country of citizenship or proof of their U.S. permanent residency or other protected status (e.g., under 8 U.S.C. 1324b(a)(3)) for assessment of eligibility to access the export-controlled information. To meet this legal requirement, and as a condition of employment, the successful candidate's citizenship will be verified with a valid passport. Lawful permanent residents, refugees, and asylees may verify status using other documents, where applicable.

• This position requires verification of citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, and as a condition of employment, the successful candidate's citizenship will be verified with a valid passport.

Business Analytics IC3 - The typical base pay range for this role across the U.S. is USD $85,100 - $169,800 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $112,000 - $185,300 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:

Microsoft will accept applications for the role until August 29, 2025.

#CELA

Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations ( .