Microsoft

Empowering every person and organization on the planet to achieve more.

Principal Security Researcher

Job function: DevOps
Experience level: Staff+
Location: United States, Multiple Locations
Work arrangement: On-site
Employment type: Full-time
Posted: 1 month ago

Overview:

Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their full potential each day. In doing so, we create life-changing innovations that impact billions of lives around the world.

The Microsoft Threat Protection Research (MTP-R) Purple Team sits at the intersection of offense, defense, and intelligence, working across Microsoft Defender technologies to help ensure our telemetry, detections, and protections are effective against real-world cyberattacks.

We are looking for a principal-level security researcher with deep experience in threat operations and Defender tooling to help design, execute, and analyze advanced adversary simulations, collaborate with engineering and detection teams, and translate attacker tradecraft into measurable defensive improvements across Microsoft’s security stack.

This role is for someone who has lived in blue teams or SOCs, understands how detections succeed or fail in practice, and wants to influence security outcomes at a global scale.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Responsibilities:

As a Principal Security Researcher on the MTP Research Purple Team, you will:

  • Design and execute purple team simulations that emulate real-world threat actors, techniques, and campaigns across endpoint, identity, cloud, and email surfaces.
  • Partner closely with Microsoft Defender engineering, research, and threat intelligence teams to evaluate detection coverage, investigation quality, and response effectiveness.
  • Analyze telemetry using Kusto / KQL to validate detection logic, uncover gaps, and measure signal quality.
  • Translate attacker tradecraft into actionable insights for defenders, including detection recommendations, telemetry requirements, and investigation improvements.
  • Apply frameworks such as MITRE ATT&CK to map adversary behavior, identify coverage gaps, and communicate findings clearly to technical and non-technical audiences.
  • Leverage threat intelligence to inform simulation design, prioritize scenarios, and ensure relevance to active and emerging threats.
  • Contribute to high-quality written simulation reports, executive presentations, and technical documentation that influence product and security strategy.
  • Act as an experienced technical voice within the Purple Team, helping shape methodology, standards, and long-term research direction.

Qualifications:

Required/minimum qualifications:

  • Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
  • OR Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
  • OR equivalent experience.

Other Requirements:

Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:

  • Microsoft Cloud Background Check: This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Additional or preferred qualifications:

  • 8+ years of experience in cybersecurity, with hands-on background in blue team operations, SOC, incident response, or detection engineering.
  • 5+ years of experience with, and understanding of, attacker techniques, post-exploitation behavior, and investigative workflows in enterprise environments.
  • 5+ years of experience working with security telemetry and log data, including practical use of KQL or similar query languages.
  • Experience with the Microsoft Defender suite of products (e.g., Defender for Endpoint, Identity, Cloud, Apps, Office 365, XDR, Sentinel).
  • Prior purple team, threat hunting, or adversary emulation experience.
  • 5+ years of working knowledge of MITRE ATT&CK and other threat modeling frameworks.
  • Experience consuming or producing threat intelligence, including actor tracking, campaign analysis, or TTP-based reporting.
  • 3+ years of scripting or automation experience (e.g., Python, PowerShell) to support analysis or simulation workflows.
  • Understanding of AI and agentic workflows for detection engineering, threat hunting or related activities.
  • Familiarity with detection validation, signal quality analysis, or security metrics at scale.
  • Proven ability to work across teams and influence outcomes without direct authority.
  • Demonstrated ability to communicate complex security findings clearly through writing and presentations.

Security Research IC5 - The typical base pay range for this role across the U.S. is USD $139,900 - $274,800 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $188,000 - $304,200 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:
https://careers.microsoft.com/us/en/us-corporate-pay

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.

About Microsoft:

Microsoft (Public)

Microsoft Corporation is an American multinational technology conglomerate headquartered in Redmond, Washington.

  • Employees: 10,001+
  • Headquarters: Redmond
  • Company valuation: $3000B

Reviews:

Overall rating: 4.4 (10 reviews)

  • Work-life balance: 3.2
  • Compensation: 4.1
  • Culture: 4.3
  • Career: 3.8
  • Management: 4.0
  • Would recommend to a friend: 82%

Pros:

  • Cutting-edge technology and innovative projects
  • Great team culture and collaborative atmosphere
  • Excellent benefits and competitive compensation

Cons:

  • Heavy workload and frequent overtime
  • High expectations and stressful environment
  • Bureaucratic processes can be slow

Salary information:

5,620 data points

Senior/L5 · Account Management (5 reports)

  • Total compensation: $209,483
  • Base salary: $181,941
  • Stock: -
  • Bonus: -
  • Chart labels: $194,895, $209,483

Interview reviews:

1 review

  • Difficulty: 4.0 / 5
  • Duration: 14-28 weeks
  • Experience: positive 0%, neutral 0%, negative 100%

Interview process:

  1. Application Review
  2. Recruiter Screen
  3. Technical Phone Screen
  4. Onsite/Virtual Interviews
  5. Team Matching
  6. Offer

Frequently asked questions:

  • Coding/Algorithm
  • System Design
  • Behavioral/STAR
  • Technical Knowledge