Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.

　　We are the Microsoft 365 Defender Experts team, and we are committed to defending Microsoft customers from sophisticated cyber-attacks and adversaries. Our mission is to help protect customers with truly innovative proactive approach, advising on emerging trends, and engaging in valuable partnerships. As the Research organization within Defender Experts, it’s our job to stay one step ahead of malicious adversaries and predict the threats of the future. We work with partners across Microsoft to innovate new approaches for detecting and tracking threats, attacker techniques, their tools and infrastructure. We are always learning. Insatiably curious. We lean into uncertainty, take risks, and learn quickly from our mistakes. We build on each other’s ideas, because we are better together. Together we make a difference to all of our customers, from end-users to Fortune 50 enterprises. Our security products are brought together in the Microsoft 365 Defender (M365D) suite. M365D enables Microsoft’s enterprise customers to detect, investigate, understand, and respond to advanced threats on their networks via a combination of behavioral sensors, security analytics, and threat intelligence. We are looking for a Senior Threat Researcher (Detection Engineering) to join our Detection Research team. In this role you will use deep knowledge of the attacker landscape and rich telemetry from our sensors across wide range of Microsoft security products to develop the detections Ensuring that no human adversary can operate silently begins with experts harnessing the powerful optics provided by M365D, across the attacker kill-chain, coupled with world-class detections.  We’re looking for a skilled Threat Detection Engineer to harness the power of Microsoft’s trillions of security signals to quickly identify and report the latest human adversary behaviors, drive critical context-rich alerts, build new tools and automations in support of detection development objectives, and drive innovations for detecting advanced attacker tradecraft.

　　Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

　　Responsibilities

　　Cutting-Edge Detection Development: Pioneering the creation of high-impact detection mechanisms through advanced analytics, encompassing the exploration and correlation of extensive datasets.

　　Precision engineering of detection rules to deliver timely and accurate alerts, fortifying our clientele against emerging cyber threats. Detection Coverage Optimization: Spearheading initiatives to eradicate detection coverage gaps by architecting innovative detection rules that transcend conventional boundaries.

　　Elevating the Signal-to-Noise Ratio (SnR) and relevance of existing detections through meticulous lifecycle management, ensuring a discerning and focused threat landscape. Trailblazing Threat Research: Undertaking the relentless pursuit of cutting-edge attack techniques, meticulously monitoring and cataloging changes in the tradecraft of threat actor groups.

　　Synthesizing acquired insights into actionable intelligence, fortifying our defenses against the ever-evolving threat landscape. Synergetic Collaboration for Precision Rules: Orchestrating synergies with interdisciplinary partners in data science, platform engineering, and threat intelligence.

　　Contributing to the formulation and perpetual refinement of high-fidelity detection rules, aligning our defenses with the pinnacle of industry standards.

　　Closely collaborate with the incident response team to improve the reliability and quality of alerts. -Your technical skills, collaboration and teamwork will help to ensure that our detection system works well to better Secure customers.

　　Proactive Threat Hunting Innovation: Innovating and engineering bespoke hunting tools and automations to proactively unearth and neutralize threats posed by human adversaries.

　　Seamlessly integrating advanced hunting tools into our detection and response framework for enhanced proactive threat mitigation.

　　Qualifications

　　Qualifications:

　　Bachelor's degree in Computer Science or a related technical discipline. Experience:

　　Over 5 years in the computer security industry with a focus on technical roles, including Threat Hunting, Detection Research, Malware Analysis, Threat Intelligence, Cyber Incident Response, or Penetration Testing/Red Team.

　　1+ years of hands-on coding and scripting experience, showcasing proficiency in Regex, Python, SQL, KQL, and PySpark.

　　Data Analysis and Detection Research: Proficient in working with large datasets for analysis and visualization, utilizing tools and scripting languages such as Excel, SQL, Python, Splunk Query Language, Kusto Query Language, Jupyter Notebooks, and PowerBI.

　　Experience in analyzing security product Telemetry and different related logs Threat Analysis: Functional understanding of common threat analysis models, including the Cyber Kill Chain and MITRE ATT&CK.

　　Ability to track, analyze, and brief on new and ongoing cyber-attacks, demonstrating knowledge of identity and popular authentication/authorization protocols. Technical Skills: Experience using analysis tools (e.g., file/network/OS monitoring tools and/or debuggers) and in-depth knowledge of operating system internals and security mechanisms.

　　Proficiency in endpoint protection technologies, particularly EPP/EDR, with expertise in tools like Microsoft Defender for Endpoint.

　　Familiarity with reverse engineering, digital forensics (DFIR) or incident response, and exposure to machine learning models.

　　Offensive Security Knowledge: Experience with offensive security practices, including tools such as Metasploit, exploit development, Open Source Intelligence Gathering (OSINT), and designing strategies to breach enterprise networks.

　　Exposure to advanced persistent threats and human adversary compromises. Defensive Mindset: Strong understanding of the attacker mindset and the ability to apply defensive tactics to protect against it. Broad, general familiarity with the threat landscape affecting enterprise customers.

　　Communication Skills: Excellent verbal and written communication skills in English. Certifications: Cybersecurity-based certifications such as CISSP, OSCP, CEH, or GIAC certifications.

　　Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check:

　　This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter.Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations (https://careers.microsoft.com/v2/global/en/accessibility.html) .