What you'd actually do

Own end-to-end large research projects that deliver identity protection against the most prevalent threats in the landscape, from initial threat hypothesis to shipped detection and customer protection impact.

Conduct in-depth investigation and research of data across multiple identity and additional sources to identify threats and sophisticated attack incidents.

Keep up to date with the latest trends in cyber-attacks and create robust, sophisticated detection logics across the entire kill-chain.

Collaborate with product management, security, and engineering teams across the company to design innovative solutions and new identity protection capabilities and validate their effectiveness using a data-driven approach.

Collaborate with data science teams to understand, identify, and implement detection gaps, capabilities, assumptions, and improvements.

Skills

Required

6+ years of experience in cyber security
modern attacker kill-chain and MITRE ATT&CK
identity-based threat scenarios
Windows internals knowledge
Kerberos, NTLM, LDAP, OAuth 2.0, SAML
C#, Python, or C++
KQL, SQL, or Cypher
Generative AI tools (e.g., GitHub Copilot, Security Copilot, ChatGPT/Claude, or equivalent LLM-based workflows)
prompt design
validating model output
integrating AI assistance into investigation, coding, and detection authoring

Nice to have

Experience in authoring security research papers, blogs, or books
Windows forensics
Cloud forensics
building or applying AI/LLM-assisted workflows to security research, detection engineering, or threat intelligence at scale

Overview

Microsoft Security aspires to make the world a safer place for all. We empower every user, customer, and developer with a security cloud that protects them with end-to-end, simplified solutions across heterogeneous environments — and across our own internal estate. Our culture is centered on a growth mindset, inspiring excellence, and bringing our best each day to create innovations that impact billions of lives.

Come build one of Microsoft's most exciting security products: Identity Threat Detection and Response (ITDR). As cyber-attacks grow more sophisticated, we help enterprises detect, investigate, and autonomously protect against advanced identity-based attacks and data breaches — from nation-state actors to large-scale ransomware operators. Our research team combines deep knowledge of the attacker landscape and tradecraft to deliver the innovations needed to uncover and stop even the most well-funded adversaries.

We are seeking an experienced Senior Security Researcher, excited by finding new attacks, to join our research team and focus on detecting and autonomously protecting against sophisticated enterprise attacks. The role spans novel attack-technique research, big-data analysis over rich sensor data, identifying the optics needed to expose malicious behavior, and crafting detection and protection logic so compromise does not go undetected. We expect our researchers to fluently leverage Generative AI to accelerate every stage of their work — from hypothesis generation and code prototyping to large-scale data triage and detection authoring.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Responsibilities

Own end-to-end large research projects that deliver identity protection against the most prevalent threats in the landscape, from initial threat hypothesis to shipped detection and customer protection impact.
Conduct in-depth investigation and research of data across multiple identity and additional sources to identify threats and sophisticated attack incidents.
Keep up to date with the latest trends in cyber-attacks and create robust, sophisticated detection logics across the entire kill-chain.
Collaborate with product management, security, and engineering teams across the company to design innovative solutions and new identity protection capabilities and validate their effectiveness using a data-driven approach.
Collaborate with data science teams to understand, identify, and implement detection gaps, capabilities, assumptions, and improvements.
Leverage Generative AI tooling to scale research throughput — accelerating data triage, hypothesis generation, code and KQL authoring, literature review, and the synthesis of attacker tradecraft into shippable detections.
Demonstrate thought leadership and engage and enlighten others through compelling, meaningful content and informative sessions.

Qualifications

B.Sc./M.Sc. degree in Computer Science or related technical discipline.
6+ years of experience in cyber security with a background in the modern attacker kill-chain and MITRE ATT&CK, preferably in identity-based threat scenarios.
Windows internals knowledge, along with good working knowledge of the main identity protocols (e.g., Kerberos, NTLM, LDAP, OAuth 2.0, SAML).
Good knowledge in at least one programming language such as C# (preferred), Python, or C++.
Good knowledge in at least one language such as KQL, SQL, or Cypher.
Demonstrated fluency leveraging Generative AI tools (e.g., GitHub Copilot, Security Copilot, ChatGPT/Claude, or equivalent LLM-based workflows) to scale day-to-day research work — including prompt design, validating model output, and integrating AI assistance into investigation, coding, and detection authoring.
Excellent cross-group, leadership, and interpersonal skills.
A drive to tackle hard problems with notable levels of ambiguity.

Qualifications: Other Requirements

Ability to meet Microsoft, customer, and/or government security screening requirements are required for this role. These requirements include, but are not limited to, the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Experience in authoring security research papers, blogs, or books.
Experience with Windows forensics and an understanding of key forensic artifacts, especially around lateral movement scenarios.
Experience with Cloud forensics, including identity attack artifacts and lateral movement techniques.
Experience building or applying AI/LLM-assisted workflows to security research, detection engineering, or threat intelligence at scale (preferred).

Security Research IC4 - The typical base pay range for this role across the U.S. is USD $119,800.00 - $234,700.00 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $160,200.00 - $261,000.00 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about **requesting accommodations.**