About The Position

Overview

Security represents the most critical priority for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end-to-end, simplified solutions. The Microsoft Security organization accelerates Microsoft's mission and bold ambitions to ensure that our company and industry are securing digital technology platforms, devices, and clouds in our customers' heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their full potential each day. In doing so, we create life-changing innovations that impact billions of lives around the world.

The Microsoft Threat Protection Research (MTP-R) Purple Team sits at the intersection of offense, defense, and intelligence, working across Microsoft Defender technologies to help ensure our telemetry, detections, and protections are effective against real-world cyberattacks. We are looking for a principal-level security researcher with deep experience in threat operations and Defender tooling to help design, execute, and analyze advanced adversary simulations, collaborate with engineering and detection teams, and translate attacker tradecraft into measurable defensive improvements across Microsoft's security stack. This role is for someone who has lived in blue teams or SOCs, understands how detections succeed or fail in practice, and wants to influence security outcomes at a global scale.

Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Requirements

  • Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or a related field AND 3+ years of experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection; OR Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or a related field AND 4+ years of experience in the same areas; OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or a related field AND 6+ years of experience in the same areas; OR equivalent experience.
  • Ability to meet Microsoft, customer, and/or government security screening requirements is required for this role.
  • Microsoft Cloud Background Check: This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Nice To Haves

  • 8+ years of experience in cybersecurity, with hands-on background in blue team operations, SOC, incident response, or detection engineering.
  • 5+ years of experience with attacker techniques, post-exploitation behavior, and investigative workflows in enterprise environments.
  • 5+ years of experience working with security telemetry and log data, including practical use of KQL or a similar query language.
  • Experience with the Microsoft Defender suite of products (e.g., Defender for Endpoint, Identity, Cloud, Apps, Office 365, XDR, Sentinel).
  • Prior purple team, threat hunting, or adversary emulation experience.
  • 5+ years of working knowledge of MITRE ATT&CK and other threat modeling frameworks.
  • Experience consuming or producing threat intelligence, including actor tracking, campaign analysis, or TTP-based reporting.
  • 3+ years of scripting or automation experience (e.g., Python, PowerShell) to support analysis or simulation workflows.
  • Understanding of AI and agentic workflows for detection engineering, threat hunting or related activities.
  • Familiarity with detection validation, signal quality analysis, or security metrics at scale.
  • Proven ability to work across teams and influence outcomes without direct authority.
  • Demonstrated ability to communicate complex security findings clearly through writing and presentations.

Responsibilities

  • Design and execute purple team simulations that emulate real-world threat actors, techniques, and campaigns across endpoint, identity, cloud, and email surfaces.
  • Partner closely with Microsoft Defender engineering, research, and threat intelligence teams to evaluate detection coverage, investigation quality, and response effectiveness.
  • Analyze telemetry using Kusto / KQL to validate detection logic, uncover gaps, and measure signal quality.
  • Translate attacker tradecraft into actionable insights for defenders, including detection recommendations, telemetry requirements, and investigation improvements.
  • Apply frameworks such as MITRE ATT&CK to map adversary behavior, identify coverage gaps, and communicate findings clearly to technical and non-technical audiences.
  • Leverage threat intelligence to inform simulation design, prioritize scenarios, and ensure relevance to active and emerging threats.
  • Contribute to high-quality written simulation reports, executive presentations, and technical documentation that influence product and security strategy.
  • Act as an experienced technical voice within the Purple Team, helping shape methodology, standards, and long-term research direction.