Overview

The Defender Experts (DEX) Research team is at the forefront of Microsoft’s threat protection strategy, combining world-class hunting expertise with AI-driven analytics to protect customers from advanced cyberattacks. Our mission is to move protection left—disrupting threats early, before damage occurs—by transforming raw signals into intelligence that powers detection, disruption, and customer trust.

In this role, you will be responsible for designing, building, and analyzing large-scale threat graphs that model adversary behavior, infrastructure, and relationships across the cyber threat landscape. You will collaborate closely with researchers, analysts, and detection engineers at the intersection of graph theory, threat protection, and machine learning, helping to uncover hidden patterns, identify emerging threats, and drive proactive defense strategies to drive research on emerging cloud threats that impact both Microsoft and third-party products. Your research will directly contribute to the development of real-time protections for enterprises worldwide, ensuring comprehensive coverage across cloud platforms and strengthening the security posture of organizations leveraging a heterogeneous mix of technologies. This is a unique opportunity to work at scale, tackle complex cloud security challenges, and shape the evolution of threat research within Microsoft Security.

Responsibilities

We are seeking a Senior Graph Engineer with a deep expertise in modeling, analyzing, and interpreting large-scale threat graphs to advance the frontiers of cloud security. The ideal candidate will possess hands-on experience architecting and deploying graph-based detection solutions, including designing graph schemas, implementing algorithms for malicious pattern discovery, and operationalizing analytics for multi-tenant environments. In this pivotal role, you will lead research on evolving adversary behaviors, innovate new methods for graph intelligence and automated threat disruption, and collaborate cross-functionally to enhance Microsoft Security’s ability to detect, attribute, and neutralize sophisticated attacks. Your work will be instrumental in shaping the next generation of threat graph technologies, empowering the security team to protect complex, heterogeneous cloud ecosystems with actionable insights.

• • Design and maintain scalable threat graphs that model entities such as devices, identity, threat actors, TTPs, infrastructure, and campaigns.

• Lead and execute advanced research to develop algorithms and heuristics to detect malicious patterns and relationships within graph data on emerging cloud-based threats impacting Microsoft and third-party security products across heterogeneous cloud environments.

• Collaborate with threat protection researchers, data scientists, and detection engineers to enrich graph models with contextual insights and refine detection and response strategies, to provide comprehensive threat coverage and response capabilities.

• Research and prototype novel graph-based techniques for threat detection, attribution, and prioritization in collaboration with internal and external security teams.

• Translate complex raw security data into actionable graph intelligence that enhances the effectiveness of security operations for a global customer base.

• Mentor, guide, and drive best practices among researchers and detection engineers on advanced graph-based threat hunting and incident response across diverse ecosystems.

• Contribute to industry knowledge and Microsoft’s security posture by publishing research, developing threat graph models, and proactively identifying threats and attack trends in the cloud.

Qualifications

• • 4+ years of experience in security research, detection engineering, threat lifecycle, cloud security in large-scale in complex cloud environments.

• Strong understanding of graph theory, graph databases (e.g., Neo4j, Tiger Graph), and graph analytics with proficiency in Python or similar languages for data analysis and prototyping.

• Experience working with large-scale datasets, distributed systems and graph analytics projects.

• Ability to translate complex threat data into graphs and actionable insights.

• Experience with machine learning or statistical modelling applied to graph data.

• Proven ability to lead and execute advanced research on emerging cloud-based threats affecting both Microsoft and third-party security products across heterogeneous cloud environments.

• Knowledge of adversary infrastructure tracking, malware analysis, or campaign clustering.

• Extensive hands-on experience with cloud platforms—including, but not limited to, Azure—as well as a deep understanding of multi-cloud security challenges and solutions.

• B.

Tech or Equivalent:

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.