Senior Security Research- Microsoft Security

Microsoft Security aspires to make the world a safer place for all. We empower every user, customer, and developer with a security cloud that protects them with end-to-end, simplified solutions across heterogeneous environments — and across our own internal estate. Our culture is centered on a growth mindset, inspiring excellence, and bringing our best each day to create innovations that impact billions of lives.

Come build one of Microsoft's most exciting security products: Identity Threat Detection and Response (ITDR). As cyber-attacks grow more sophisticated, we help enterprises detect, investigate, and autonomously protect against advanced identity-based attacks and data breaches — from nation-state actors to large-scale ransomware operators. Our research team combines deep knowledge of the attacker landscape and tradecraft to deliver the innovations needed to uncover and stop even the most well-funded adversaries.

We are seeking an experienced Senior Security Researcher, excited by finding new attacks, to join our research team and focus on detecting and autonomously protecting against sophisticated enterprise attacks. The role spans novel attack-technique research, big-data analysis over rich sensor data, identifying the optics needed to expose malicious behavior, and crafting detection and protection logic so compromise does not go undetected. We expect our researchers to fluently leverage Generative AI to accelerate every stage of their work — from hypothesis generation and code prototyping to large-scale data triage and detection authoring.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

• Own end-to-end large research projects that deliver identity protection against the most prevalent threats in the landscape, from initial threat hypothesis to shipped detection and customer protection impact.
• Conduct in-depth investigation and research of data across multiple identity and additional sources to identify threats and sophisticated attack incidents.
• Keep up to date with the latest trends in cyber-attacks and create robust, sophisticated detection logics across the entire kill-chain.
• Collaborate with product management, security, and engineering teams across the company to design innovative solutions and new identity protection capabilities and validate their effectiveness using a data-driven approach.
• Collaborate with data science teams to understand, identify, and implement detection gaps, capabilities, assumptions, and improvements.
• Leverage Generative AI tooling to scale research throughput — accelerating data triage, hypothesis generation, code and KQL authoring, literature review, and the synthesis of attacker tradecraft into shippable detections.
• Demonstrate thought leadership and engage and enlighten others through compelling, meaningful content and informative sessions.

• You have at least 6+ years of cyber security experience, including 2+ years working hands-on with identity-based attacks (research, hunting, or detection engineering) on top of the modern attacker kill-chain and MITRE ATT&CK.
• You have pssion for defensive work - hunting, investigation, detection authoring, and protection enforcement design — with a track record of owning research end-to-end, from threat hypothesis to shipped detection and customer impact.
• You have Windows internals knowledge, along with working knowledge of the main identity protocols (e.g., Kerberos, NTLM, LDAP, OAuth 2.0, SAML).
• You demonstrated fluency leveraging Generative AI tools (e.g., GitHub Copilot, Security Copilot, ChatGPT/Claude) to multiply daily research output — including prompt design, model-output validation, and integrating AI assistance into investigation, coding, and detection authoring.

Preferred Qualifications

• B.Sc./M.Sc. in Computer Science or related technical discipline.
• Good knowledge of at least one programming language such as C# (preferred), Python, or C++, and at least one query language such as KQL, SQL, or Cypher.
• Experience with Windows and/or Cloud forensics — key artifacts around credential theft and lateral movement across on-prem and hybrid identity environments.
• Experience authoring security research (papers, blogs, conference talks such as BlueHat / Black Hat / DEF CON, or CVEs).
• Experience building or applying AI/LLM-assisted workflows for security research, detection engineering, or threat intelligence at scale.
• Excellent cross-group, leadership, and interpersonal skills, with a drive to tackle ambiguous problems. 

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.