Principal Applied Threat Intelligence Analyst, Microsoft Security Threat Response

Microsoft

Quick summary

Work type: On-site
Location: Redmond, WA
Salary: $142,800–$274,800 / yr
Posted: 11 days ago
Closes: Dec 14, 2026

Market check

Salary context

Above market

How this pay compares to similar roles

[Chart: pay scale from $109k to $293k, with a shaded band where most similar roles pay. Similar roles: $167k. This role: $209k.]

This role pays more than 80% of similar roles. Most pay $140,275–$193,000 — the shaded band above. At the midpoint, this role pays about $209k versus about $167k for comparable roles.

Based on 239 similar postings.

Employer

About Microsoft

Microsoft Corporation is a global technology leader producing software, hardware, and cloud services including Windows, Office 365, Azure cloud platform, Xbox gaming, and Surface devices. Industry: Software & Cloud Computing

Microsoft currently has 622 open roles on FindRole.

Listed pay typically runs $119,800–$234,700 across 571 roles with salary data.


At a glance

TL;DR · Principal Applied Threat Intelligence Analyst, Microsoft Security Threat Response

As a Principal Applied Threat Intelligence Analyst at Microsoft Security Research’s Applied Threat Production Intelligence team, you will author high-impact threat intelligence reports for both internal and external audiences, translating complex technical findings into actionable guidance. You will collaborate with product, research, marketing, and communications teams to disseminate intel through customer-facing platforms like Agentic Security, Defender XDR, Sentinel, blogs, and briefings. Additionally, you will build and refine pipelines and tooling to stream threat intelligence at machine speed, represent Microsoft in industry events, and mentor analysts. The role requires 10+ years of experience in cyber threat intelligence or related fields, expertise with Microsoft Sentinel and Defender XDR, knowledge of adversary tradecraft and analytical frameworks like MITRE ATT&CK, and proficiency in programming languages such as Python, PowerShell, C#, and C++.

What you'll do

  • Author high-impact threat intelligence reports for both internal and external audiences.
  • Translate technical findings into actionable guidance for security operations teams.
  • Partner with product teams to integrate intelligence on Microsoft’s customer-facing platforms.
  • Build and refine pipelines for streaming cyber threat intelligence at machine speed.
  • Represent Microsoft Threat Intelligence in industry conferences and working groups.
  • Mentor analysts and contribute to the development of analytic standards.

What we're looking for

  • 10+ years of experience in cyber threat intelligence, threat hunting, or incident response.
  • Proven ability to produce high-quality threat intelligence reports for technical and executive audiences.
  • Expertise in creating threat group attributions and communicating assessments effectively.
  • Proficiency with Microsoft Sentinel and Defender XDR or comparable SIEM/XDR platforms.
  • Strong understanding of adversary tradecraft, MITRE ATT&CK framework, and analytical techniques.
  • Excellent written and verbal communication skills with a track record of public intelligence writing.
  • Comprehensive knowledge of OS security, network protocols, and reverse-engineering binary analysis.

More like this

Similar roles

Senior Applied Threat Intelligence Analysts

Microsoft

5 days ago $102,100–$202,200
Microsoft Sentinel Microsoft Defender XDR MITRE ATT&CK Python PowerShell C# C++ AI tools large language models network protocols reverse-engineering static binary analysis behavioral analysis Cyber Kill Chain Diamond Model

Threat Intelligence Manager

Microsoft

Redmond, WA 10 days ago $165,600–$296,400
Python Kubernetes Terraform AWS Azure CI/CD Docker Prometheus Grafana AI Machine Learning SQL NoSQL Cybersecurity Threat Intelligence Data Science Automation DevOps Scalability Cloud Computing

Cybersecurity Threat Intelligence Analyst

HP Inc.

Austin, TX +1 13 days ago $105,050–$161,800
Python Go PowerShell CrowdStrike EDR malware analysis network traffic analysis Threat Intelligence Platform TTPs research technical reporting CI/CD Kubernetes AWS Azure GCP PostgreSQL MongoDB Splunk SIEM Linux

Cyber Threat Intelligence Analyst

Leidos

108 days ago $107,900–$195,050
MITRE ATT&CK Threat Intelligence Platform (TIP) Python PowerShell SPL KQL Elastic DSL AWS Azure O365 Cyber Kill Chain Diamond Model of Intrusion Analysis Anomali ThreatConnect MISP
Hybrid

L3 SOC Analyst, Cyber Threat Intelligence

Analog Devices

Wilmington, MA 74 days ago $127,600–$175,450
Azure Sentinel Python MITRE ATT&CK SIEM EDR PowerShell Bash SOAR PCI-DSS HIPAA GDPR Tenable WIZ SAML OAuth CSA Azure Security Engineer AWS Security Specialist CISSP CEH GCTI GREM GCIH GCIA
Hybrid