Senior Security Researcher

Microsoft•Redmond, WA

1d•$119,800 - $234,700

About The Position

Microsoft Security aspires to make the world a safer place for all. We empower every user, customer, and developer with a security cloud that protects them with end-to-end, simplified solutions across heterogeneous environments — and across our own internal estate. Our culture is centered on a growth mindset, inspiring excellence, and bringing our best each day to create innovations that impact billions of lives. Come build one of Microsoft's most exciting security products: Identity Threat Detection and Response (ITDR). As cyber-attacks grow more sophisticated, we help enterprises detect, investigate, and autonomously protect against advanced identity-based attacks and data breaches — from nation-state actors to large-scale ransomware operators. Our research team combines deep knowledge of the attacker landscape and tradecraft to deliver the innovations needed to uncover and stop even the most well-funded adversaries. We are seeking an experienced Senior Security Researcher, excited by finding new attacks, to join our research team and focus on detecting and autonomously protecting against sophisticated enterprise attacks. The role spans novel attack-technique research, big-data analysis over rich sensor data, identifying the optics needed to expose malicious behavior, and crafting detection and protection logic so compromise does not go undetected. We expect our researchers to fluently leverage Generative AI to accelerate every stage of their work — from hypothesis generation and code prototyping to large-scale data triage and detection authoring. Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Requirements

B.Sc./M.Sc. degree in Computer Science or related technical discipline.
6+ years of experience in cyber security with a background in the modern attacker kill-chain and MITRE ATT&CK, preferably in identity-based threat scenarios.
Windows internals knowledge, along with good working knowledge of the main identity protocols (e.g., Kerberos, NTLM, LDAP, OAuth 2.0, SAML).
Good knowledge in at least one programming language such as C# (preferred), Python, or C++.
Good knowledge in at least one language such as KQL, SQL, or Cypher.
Demonstrated fluency leveraging Generative AI tools (e.g., GitHub Copilot, Security Copilot, ChatGPT/Claude, or equivalent LLM-based workflows) to scale day-to-day research work — including prompt design, validating model output, and integrating AI assistance into investigation, coding, and detection authoring.
Excellent cross-group, leadership, and interpersonal skills.
A drive to tackle hard problems with notable levels of ambiguity.
Ability to meet Microsoft, customer, and/or government security screening requirements are required for this role.
Microsoft Cloud Background Check: This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Nice To Haves

Experience in authoring security research papers, blogs, or books.
Experience with Windows forensics and an understanding of key forensic artifacts, especially around lateral movement scenarios.
Experience with Cloud forensics, including identity attack artifacts and lateral movement techniques.
Experience building or applying AI/LLM-assisted workflows to security research, detection engineering, or threat intelligence at scale (preferred).

Responsibilities

Own end-to-end large research projects that deliver identity protection against the most prevalent threats in the landscape, from initial threat hypothesis to shipped detection and customer protection impact.
Conduct in-depth investigation and research of data across multiple identity and additional sources to identify threats and sophisticated attack incidents.
Keep up to date with the latest trends in cyber-attacks and create robust, sophisticated detection logics across the entire kill-chain.
Collaborate with product management, security, and engineering teams across the company to design innovative solutions and new identity protection capabilities and validate their effectiveness using a data-driven approach.
Collaborate with data science teams to understand, identify, and implement detection gaps, capabilities, assumptions, and improvements.
Leverage Generative AI tooling to scale research throughput — accelerating data triage, hypothesis generation, code and KQL authoring, literature review, and the synthesis of attacker tradecraft into shippable detections.
Demonstrate thought leadership and engage and enlighten others through compelling, meaningful content and informative sessions.