Principal Security Researcher

Microsoft

United Kingdom

On-site

GBP 60,000 - 80,000

Full time

Today
Job summary

A leading technology company in the United Kingdom is seeking a cybersecurity analyst to perform in-depth analysis of threats and to enhance customer security postures. The candidate should have experience in the software development lifecycle and strong skills in threat hunting. This position offers various benefits and requires a background check upon hiring.

Qualifications

  • Experience in software development lifecycle, large-scale computing, modeling, cybersecurity, threat hunting, or anomaly detection.
  • Proficient experience in relevant technical fields or a Doctorate.
  • Knowledge of third-party cybersecurity solutions, especially EDR and SIEM.

Responsibilities

  • Perform deep analysis of attacker activity in environments.
  • Identify potential threats and provide recommendations.
  • Build proof-of-concept threat hunting tools and automations.

Skills

Cybersecurity
Threat hunting
Anomaly detection
Software development lifecycle
Data analysis

Education

Master's Degree in Statistics, Mathematics, Computer Science, or related field
Doctorate in Statistics, Mathematics, Computer Science, or related field

Tools

SQL
Kusto Query Language (KQL)
Windows internals
Forensic analysis tools (X-Ways Forensics, WinHex, etc.)
Microsoft Azure
Microsoft Defender 365

Job description

Responsibilities

This role is part of a collaborative team, assisting our customers with:

  • Performing deep analysis of attacker activity in on-premises and cloud environments
  • Identifying potential threats, allowing for proactive defense before an actual incident
  • Notifying customers regarding imminent attacker activity
  • Providing recommendations to improve customers’ cybersecurity posture and performing threat intelligence knowledge transfer to prepare customers to defend against today’s threat landscape
  • Building proof-of-concept and prototype threat hunting tools, automations, and new capabilities
  • Driving product and tooling improvements by conveying learnings from threat hunting and incident response at scale to engineering partner teams
  • Identifying, prioritizing, and targeting complex security issues that negatively impact customers, creating and driving adoption of relevant mitigations, and providing proactive guidance
  • Synthesizing research findings into recommendations for mitigation of security issues, sharing across teams, and driving change based on research findings

Qualifications

Required/Minimum Qualifications:

  • Experience in software development lifecycle, large-scale computing, modeling, cybersecurity, threat hunting, and/or anomaly detection OR a Master's Degree in Statistics, Mathematics, Computer Science, or related field
  • Microsoft Cloud Background Check: This position requires passing the Microsoft Cloud background check upon hire/transfer and every two years thereafter

Additional or Preferred Qualifications:

  • Proficient experience in software development lifecycle, large-scale computing, modeling, cybersecurity, threat hunting, and/or anomaly detection OR Doctorate in Statistics, Mathematics, Computer Science, or related field
  • Proven knowledge of security fundamentals across Microsoft platforms (Client, Server, Cloud)
  • Strong understanding of malware and the modern threat landscape, especially identity-based attacks
  • Familiarity with SQL or Kusto Query Language (KQL) queries, or experience with large database/SIEM query languages such as Splunk, Humio, Kibana, etc.
  • Understanding of Jupyter Notebooks or building equivalent threat hunting automations with scripting languages
  • Consulting background and Active Directory expertise
  • Experience with forensic analysis tools like X-Ways Forensics, WinHex, Encase, FTK, etc.
  • Knowledge of Microsoft Azure and/or Office365 platforms
  • Experience with forensic log artifacts in SIEM logs, web server logs, AV logs, protection logs (HIDS/NIDS)
  • Familiarity with Microsoft Defender 365 security stack, especially Advanced Hunting query writing
  • Excellent understanding of Windows internals and trace evidence locations
  • Knowledge of third-party cybersecurity solutions, especially EDR and SIEM solutions
  • Linux and/or macOS forensic analysis and threat hunting skills
  • Relevant technical certifications (e.g., Azure, SharePoint, CISSP, SANS GIAC)
  • Ability to obtain and maintain a Security Clearance

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration without regard to various protected characteristics. If you need assistance or a reasonable accommodation due to a disability during the application or recruiting process, please send a request via the Accommodation request form. Benefits and perks may vary depending on employment nature and country.