Principal Security Researcher
Microsoft
Multiple Locations, Israel
Overview
Security is the most critical priority for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity.
Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end-to-end, simplified solutions.
The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry are securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.
Microsoft prioritizes security, empowering individuals and organizations with a comprehensive security cloud that delivers end-to-end protection.
The Extended Detection and Response (XDR) and Security Information and Event Management (SIEM) research team enables global security teams to detect and respond to cyber threats efficiently. By leveraging expert knowledge of the technologies that threats exploit, an attacker mindset, and adapting to a dynamic landscape, we tackle highly sophisticated threats across both cloud and hybrid (cloud + on-prem) attacks.
Our AI-driven solutions automate investigations and responses, ensuring swift protection for customers and optimizing security operations. We are looking for a Principal Security Researcher to drive cutting-edge security innovations in large-scale, multi-tenant environments, enhancing the defense capabilities of Government and National cybersecurity teams.
In this role, you will work closely with Data Science, Engineering, Product, and Threat Intelligence teams to develop advanced detection, automated response, and correlation techniques across Microsoft Defender XDR, Sentinel, and the Unified Security Operations Platform—leveraging both Microsoft and third-party security data.
Your expertise in adversary tradecraft, detection engineering, and large-scale threat modeling will be instrumental in advancing defense strategies that proactively identify and disrupt sophisticated attack campaigns.
This role provides an opportunity to push the boundaries of security research, applying deep technical knowledge to improve threat detection, response automation, and incident correlation—helping National SOC teams stay ahead of the most sophisticated threats in the world.
Our team values diversity and strives to hire individuals with varied experiences and perspectives. We understand that no candidate possesses every desired skill and experience, but together, we form a strong, effective team.
Qualifications
Qualifications - Required:
- 7+ years of computer security industry experience with knowledge of adversary tradecraft, security operations, incident response, threat hunting, and of emerging threats and techniques for attacks against modern enterprise environments.
- 3+ years of experience researching, prototyping, and driving engineering requirements for threat protection systems.
- 2+ years of experience hunting for and investigating security incidents at scale with one or more of the following: Azure Synapse, Elasticsearch, BigQuery, SQL, Cosmos, Kusto, or similar systems.
Other Requirements:
- Experience coding in languages such as C#, Python and/or PowerShell AND language-independent data formats such as JSON/YAML/XML.
- Demonstrated experience in conducting data studies, including the ability to work with available telemetry and drive improvements with engineering teams for previously unexplored data sources.
- Experience using graph technologies and query languages, such as Neo4j Cypher or Apache TinkerPop Gremlin, to find security insights.
- Demonstrated experience in research and delivery of security features to general availability.
- Experience applying MITRE ATT&CK to assess gaps in threat scenarios and protection coverage across both cloud and hybrid (cloud + on-prem) attacks.
- Experience with endpoint, identity, cloud application, cloud infrastructure, email, network and/or other threat detection, and prevention technologies.
- Experience with SOC workflows including threat hunting, detection, response, and threat intelligence.
- Strong cross-group and interpersonal skills, with the ability to articulate the business need for product improvements and a desire to engage directly with customers.
- Experience with one or more of the following: Azure Functions, Azure Static Web Sites, Azure Containers, Azure DevOps pipelines, GitHub Actions, GitHub Codespaces, and Jupyter Notebooks.
Responsibilities
- Develop and implement security research strategies. Formulate and execute advanced security research initiatives aimed at enhancing the defensive capabilities of large-scale, multi-tenant environments.
- Analyze data from various security domains, including threat intelligence, email, identity, endpoint, network, and cloud sources, to identify and mitigate sophisticated threats.
- Collaborate closely with partner engineering, product management, and threat intelligence teams to push the boundaries of at-scale threat protection innovation.
- Design and develop new detection capabilities informed by threat intelligence research to proactively counteract emerging threats.