Security Researcher - Microsoft Defender
Microsoft
Security Researcher - Microsoft Defender
Multiple Locations, United States
Save
Overview
Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.
We are seeking a Security Researcher with the right blend of creativity, tenacity, and technical skills to help us protect the hundreds of millions of customers that rely on Microsoft Teams for communication and collaboration every day. In this role you will investigate and mitigate the latest attacks; conduct deep research and experimentation on new durable protection strategies via the Defender product line; and collaborate with a diverse team of data scientists, security researchers, engineers, and product managers to protect a global customer base. Our organization is redefining security using the latest technology, extensive data and intelligence systems, and a collaborative and inclusive team culture. Join us and make a difference in our mission to empower everyone to communicate with confidence and trust!
Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
Qualifications
Required Qualifications
- 3+ years experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection
- OR Bachelor's Degree in Statistics, Mathematics, Computer Science or related field
- Availability and willingness to cover a periodic on-call rotation for the team.
- 3+ years programming experience with Python, preferably including agentic AI workflows, machine learning model development, or similar projects.
Additional or Preferred Qualifications
- 4+ years experience in software development lifecycle, large-scale computing, modeling, cyber-security, and/or anomaly detection
- OR Master's Degree in Statistics, Mathematics, Computer Science or related field
- Experience querying and analyzing large datasets, including experience building hunting or detection playbooks, monitoring dashboards, and/or automated alerting and investigation workflows. (e.g. SQL, Python/Jupyter, KQL/Azure Data Explorer, etc.)
- Proficiency in using various security tools, including security information and event management (SIEM), endpoint detection and response (EDR), email security gateways, identity access management, network protection, and sandbox environments.
- Insatiable curiosity to learn about attacker patterns and behaviors, with a drive to build innovative detections and protections.
- Understand the cyber kill chain, especially attack scenarios originating from collaboration platforms, email, or web sites along with related security protocols and analysis tools.
- Solid understanding of attacker tradecraft
- Experience responding to customer escalations and reporting investigative findings.
- Experience working through ambiguity to drive innovations in detections, monitoring, and internal team processes.
- Ability to use data to “tell a story” and influence decision-making.
Other Requirements
Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check:
- This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Security Research IC3 - The typical base pay range for this role across the U.S. is USD $100,600 - $199,000 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $131,400 - $215,400 per year.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay
Microsoft will accept applications for the role until July 17th, 2025.
Responsibilities
As a Security Researcher responsible for the effectiveness of Microsoft Teams customer protection through Microsoft Defender for Office, you will:
• Respond to escalations to resolve detection effectiveness issues (misclassified malicious campaigns and false positives)
• Prototype automated detection solutions
• Conduct deep analysis and research on attacker campaigns and techniques to support durable detection investments and improve customer experience.
• Apply new data sources and technologies to improve customer protection and effectiveness measurement
• Conduct ad hoc studies and analysis to support day-to-day operations and guide protection strategy
• Author rules and create new hunting playbooks to detect and thwart evolving campaigns and investigating new attack patterns in the Teams product
• Engage and collaborate with diverse partner teams to drive a great customer experience and ensure holistic protection across the Microsoft Security stack.