Microsoft Defender Experts provides expert-led services that help organizations defend against advanced cyberthreats, build long‑term resilience, and modernize security operations with confidence. The Microsoft Defender Experts combines managed extended detection and response (MXDR), end-to-end proactive and reactive incident response, and direct access to a designated Microsoft security advisor to help you protect your organization and accelerate security outcomes.

We are seeking for a passionate cybersecurity professionals to join our growing team of Defenders. In this role, you will proactively detect, investigate, and respond to advanced threats across enterprise environments using cutting-edge and AI enabled security tools and threat intelligence. The ideal candidate combines strong security expertise with a curious mindset and skills to conduct deep threat analysis.

• Monitor, triage, and respond to security incidents using alerts and incidents from Microsoft Defender products (MDE, MDI, MDO, MDA, MDC, Sentinel etc.)
• Perform proactive threat hunting using hypothesis, and telemetry from endpoints, identities, cloud and network.
• Develop hunting queries using Kusto Query Language (KQL) or similar to uncover suspicious patterns and behaviors.
• Investigate security incidents across hybrid environments and contribute to root cause analysis and containment strategies.
• Collaborate with internal teams (defender, threat intelligence, engineering) to enhance detection logic, develop automations, and improve incident response workflows.
• Contribute to incident documentation, detection playbooks, and operational runbooks.
• Stay current with evolving threat landscapes, cloud attack vectors, and advanced persistent threats (APT).

36. • Graduate degree in engineering or equivalent discipline.
    • 3–5 years of experience in cybersecurity (SOC, IR, Threat Hunting, Red Team).
    • Hands-on experience with SIEM, EDR, and cloud-native security tools (Microsoft XDR, Sentinel, CrowdStrike, etc.).
    • Experience with at least one cloud platform (Azure, AWS, GCP) and its associated security services and configurations.
    • Proficiency in KQL, Python, or similar scripting languages for data analysis and automation.
    • Strong knowledge of MITRE ATT&CK, Cyber Kill Chain, and adversary TTPs.
    • Familiarity with operating system internals (Windows, Linux) and endpoint/network forensics.
    • This role requires the candidate to work in shifts.

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.