Senior Security Researcher

Overview

Security is one of the most critical priorities for our customers in a world challenged by relentless digital threats, increasing regulatory demands, and complex technology estates. At Microsoft Security, our aspiration is clear: to make the world a safer place for everyone. We aim to redefine security by empowering every user, customer, and developer with a comprehensive security cloud—delivering end-to-end protection through simplified, integrated solutions. Our organization accelerates Microsoft’s mission and bold ambitions by safeguarding digital platforms, devices, and clouds across diverse customer environments, while ensuring the security of our own internal estate.

We are looking for a Senior Security Researcher to join our team! 

The Identity Threat Detection and Response (ITDR) Security Research team leads advanced research in Identity protection, leveraging next-generation AI and cloud technologies. Our team comprises globally recognized experts in identity and cloud-related threats—highly skilled, passionate professionals committed to driving innovation and safeguarding customers in an ever-evolving

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. 

Responsibilities

• Research attacker tradecraft and evolving threat patterns across cloud identity ecosystems, including OAuth, Enterprise Apps, AI Apps, and authentication flows.
• Perform proactive threat hunting to uncover sophisticated identity‑based attacks across Microsoft Defender signals.
• Design and deliver high‑quality detections, analytics, and risk‑based insights by correlating multi‑product telemetry.
• Partner with engineering and PM teams to convert research findings into impactful product capabilities.
• Collaborate with DS teams to build ML/AI‑based anomaly models, risk scoring, and advanced hunting algorithms.
• Publish research content through papers, blogs, and conference presentations representing Microsoft’s thought leadership.
• Provide SME guidance to customers, field teams, and incident responders on identity threats and attack trends.
• Work cross‑functionally with red/blue teams, infra teams, and product groups to validate attacks and improve defenses.
• Maintain strong research hygiene by building datasets, documenting methodologies, and improving signal quality.
  
  

Qualifications

• 7+ years of experience in cybersecurity, with strong understanding of the modern attacker kill chain, MITRE ATT&CK framework, and emerging identity-based threats, including attacks targeting SaaS Apps, AI Apps, and OAuth‑based applications.
• Bachelor’s degree (or equivalent experience) in Computer Science, Engineering, Information Technology, or a related technical discipline.
• Deep knowledge of commonly used attack tools and red‑team frameworks, with the ability to analyze, simulate, and interpret adversary behaviors.
• Proficiency in at least one programming language such as Python, C, or C++ for building prototypes, tools, or detection logic.
• Proficiency in at least one query language such as KQL, SQL, or Cypher for data analysis, hunting, and telemetry investigation.
• Strong cross‑team collaboration and communication skills, with the ability to articulate research insights, influence product direction, and engage effectively with customers and partner teams.
• Experience handling and analyzing large‑scale datasets for detection development, threat hunting, and behavioral analytics.
  
  

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.

---