Overview
Our team builds the intelligence layer that powers Microsoft’s next‑generation threat detection ecosystem—spanning Vortex, Threat Graph, Verdict Net, and campaign‑correlation workflows. We combine deep applied science, graph‑theoretic reasoning, large‑scale machine‑learning, and multi‑modal security analytics to uncover hidden attack patterns across identity, endpoint, network, and cloud. As part of a multidisciplinary organization, we design graph algorithms, develop ML models, operationalize high‑confidence security signals, and partner closely with detection engineering to translate research into customer‑impacting protections. Our work drives core advancements in attack‑path discovery, anomaly detection, graph construction, and threat‑hunting experiences across Microsoft Security
Responsibilities
Machine Learning & Modeling
- Develop supervised and unsupervised ML models for anomaly detection, fraud/threat pattern discovery, alert classification, confidence scoring, and signal fidelity improvements.
- Build and maintain feature pipelines over multi‑modal security telemetry (identity, endpoint, network, cloud).
- Apply graph‑focused ML techniques (graph embeddings, GNNs, similarity scoring, relationship modeling).
Graph Reasoning & Analytics
- Contribute to graph construction logic, schema evolution, and ontology-driven enrichment for Verdict Net, Verdict Propagation, Campaign Graphs, and Vortex insights.
- Implement graph traversal, multi-hop reasoning, and cluster detection algorithms to surface hidden attack patterns.
- Participate in performance optimization and health management of large-scale threat graphs.
Data Engineering & Experimentation
- Analyze large, noisy, high‑dimensional security datasets using ADX/Kusto, Spark, and distributed compute platforms.
- Run A/B experiments, offline evaluations, and benchmark models to continually improve detection quality.
- Build high-quality research code and prototypes that transition smoothly to engineering teams for productionization.
Cross-Functional Impact
- Collaborate with detection engineering, threat research, product teams and red teams to integrate ML outcomes into real-world protection experiences.
- Translate complex analytical insights into actionable improvements for detections, disruptions, and customer-facing intelligence.
- Participate in on-call data issue triage (signal quality, false positives, enrichment gaps) as applicable for DEX workflows.
Qualifications
- Bachelor’s degree in CS, Data Science, EE, Mathematics or related field AND 6+ years of hands-on DS/ML experience.
- Strong proficiency in Python, ML frameworks (PyTorch/TensorFlow), and data processing libraries. Experience with ML techniques such as: gradient-boosted models, supervised/unsupervised learning, embeddings, clustering, anomaly detection.
- Experience querying & analyzing large datasets using Kusto, SQL, Spark, or equivalent data engines.
- Strong fundamentals in probability, statistics, and algorithmic thinking.
- Ability to write clean, reliable research code and communicate findings clearly.
This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about **requesting accommodations.**