Principal Security Researcher

Share job

Date posted

Dec 09, 2024

Job number

1784622

Work site

Up to 100% work from home

Travel

0-25 %

Role type

Individual Contributor

Profession

Security Engineering

Discipline

Security Research

Employment type

Full-Time

Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions.

The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.

We are seeking a Principal Security Researcher with the right blend of technical expertise, systems thinking, and collaboration skills to help us protect the hundreds of millions of enterprise customers that rely on Microsoft Teams every day. In this role you will not only conduct research on attacker campaigns and experiment with new durable protection strategies for Microsoft Teams via the Defender product line; you’ll also be relied upon as our primary research architect in advancing our customer protection strategy.

You’ll establish a deep understanding of the threat landscape and gaps in protection capability for Teams customers in consideration of the unique and complex challenges of the product. Essential to success will be your ability to establish effective collaboration across organizational boundaries. You’ll need to adapt to an ever-changing attack landscape and be able to ideate and deliver ‘quick wins’ with current capabilities while devising and advocating for longer term durable investments.

You can expect to be ‘hands on’ in prototyping, testing, and implementing solutions, but also play a role in orchestrating efforts across a variety of disciplines and teams. Our organization is redefining security using the latest technology, extensive data and intelligence systems, and a collaborative and inclusive team culture. Join us and make a difference in our mission to empower everyone to communicate with confidence and trust!

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Required/Minimum Qualifications:

• 7+ years experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection OR Doctorate in Statistics, Mathematics, Computer Science or related field.
• 3+ years experience working through ambiguity to prototype solutions and drive innovations in detections, monitoring, and internal team processes
• 3+ years experience querying and analyzing large datasets (e.g. SQL, Python/Jupyter, KQL/Azure Data Explorer, etc.)
• Availability and willingness to cover a periodic on-call rotation or engage in incident response as needed.

Other Requirements:

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Additional or Preferred Qualifications:

• 8+ years experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection.
• OR Doctorate in Statistics, Mathematics, Computer Science or related field.

• Ability to lead and influence change without hierarchical authority, partner effectively with a diverse set of stakeholders, and drive consensus.
• Experience contributing to the development and validation of machine learning models.
• Insatiable curiosity to learn about attacker patterns and behaviors, with a drive to build innovative end-to-end protection strategies.
• Understand the cyber kill chain, especially attack scenarios originating from collaboration platforms, email, or web sites along with related security protocols and analysis tools.
• Proficiency querying large datasets, conducting analysis, and creating automated alerting, monitoring, and/or investigation workflows. (e.g. SQL, Python/Jupyter, KQL/Azure Data Explorer, etc.)
• Proficiency in using various security tools, including security information and event management (SIEM), endpoint detection and response (EDR), email security gateways, identity access management, network protection, and sandbox environments.
• Experience creating and tuning detection rules using Regex, YARA or other pattern matching tools
• Experience responding to customer escalations and reporting investigative findings.
• Familiarity with social engineering campaigns affecting collaboration platforms as well as email and web products.
• Ability to use data to “tell a story” and influence decision-making.

Security Research IC5 - The typical base pay range for this role across the U.S. is USD $137,600 - $267,000 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $180,400 - $294,000 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

Microsoft will accept applications for the role until December 15, 2024

#MSFTSecurity #SecurityResearch #MSECAIR

As a Principal Security Researcher focused on protecting enterprise Microsoft Teams customers through Microsoft Defender, you will be responsible for:

• Maintaining a deep understanding of the evolving threat landscape and attack vectors affecting Teams customers
• Prototyping solutions (either yourself or through others) and conducting analysis to validate ideas and adjust our strategy to prevent, detect, and disrupt attackers
• Developing and orchestrating delivery of our security research, response, and customer protection strategy
• Initiating and maintaining close collaboration with a diverse set of partner teams; and
• As needed, respond to incidents and escalations, analyze campaigns, and take direct actions to protect customers and disrupt attackers.