Overview:

Our team builds the intelligence layer that powers Microsoft’s next‑generation threat detection ecosystem—spanning Vortex, Threat Graph, Verdict Net, and campaign‑correlation workflows. We combine deep applied science, graph‑theoretic reasoning, large‑scale machine‑learning, and multi‑modal security analytics to uncover hidden attack patterns across identity, endpoint, network, and cloud. As part of a multidisciplinary organization, we design graph algorithms, develop ML models, operationalize high‑confidence security signals, and partner closely with detection engineering to translate research into customer‑impacting protections. Our work drives core advancements in attack‑path discovery, anomaly detection, graph construction, and threat‑hunting experiences across Microsoft Security.

Responsibilities:

Key Responsibilities

1.

Machine Learning & Data Science:

2.

Graph Analytics & Threat Reasoning:

3.

Graph Database & Platform Expertise:

4.

Research & Innovation:

• Design, train, and deploy supervised/unsupervised ML models for:anomaly detection
• attack pattern discovery
• similarity scoring
• Build ML pipelines that operate on large‑scale, heterogeneous security telemetry.
• Develop graph embeddings, GNN models, clustering, and temporal sequence models to detect emerging threats.
• Build and optimize graph traversal algorithms for multi-hop attack path discovery.
• Correlate signals across identity, endpoint, network, and cloud domains.
• Analyze entities, edges, and temporal relationships to surface hidden attacker behaviors.
• Design/optimize graph schemas, ontologies, and semantic layers for threat detection.
• Work with graph-native DBs and query languages (e.g., GQL, ADX/Kusto).
• Partner with infra teams to scale graph workloads across customer data.
• Stay current with academic research and convert novel ML/graph techniques into practical security applications.
• Run experimentation cycles (A/B tests, offline evaluation, model validation) to optimize detection precision/recall.
  Discover new attack patterns using clustering, community detection, and probabilistic methods.

5. Cross‑Functional Collaboration

• Partner with detection engineering, red teaming, and product teams to integrate ML/graph intelligence into protections.
• Translate complex graph/ML insights into actionable detection logic and SOC‑ready intelligence.
• Communicate findings to security architects and leadership through visualizations, dashboards, and well‑structured narratives.

Qualifications7+ years of hands-on experience in applied ML, data science, or security analytics.

• Strong expertise in one or more of:Graph algorithms, graph databases, GNNs
• Large‑scale ML pipelines
• Unsupervised/behavioral anomaly detection
• Statistical modeling, clustering, embeddings
• Deep proficiency in Python, Py Torch/Tensor Flow, and data processing frameworks.
• Experience working with large‑scale telemetry (security logs, identity signals, network events, etc.).
• Experience with distributed data systems and query languages (ADX/KQL, Spark, or similar).
• Strong problem‑solving skills with ability to work on ambiguous research problems.

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.