Security Researcher
1 week ago
Microsoft's Customer Experience & Success (CE&S) organization is a global team of over 18,000 employees responsible for the strategy, design, and implementation of Microsoft's end-to-end customer experience. We are seeking a Principal Security Response Engineer, Infrastructure to join our collaborative team in the Microsoft Detection and Response Team (DART).
Responsibilities
- Conduct research into critical security areas, such as competitor products, current attacks, adversary tracking, and academic literature.
- Partner cross-functionally to design solutions to prevent attacks and drive change within the team based on research findings.
- Analyze complex issues using multiple data sources to develop insights and identify security problems and threats.
- Develop new solutions to mitigate security issues and make tradeoffs to balance security and operational needs.
- Help to drive resolution to systemic security issues through cross-team collaboration and anticipate previously unknown potential artifacts that could be present in data as indicators of attacker activity.
- Lead efforts to clean, structure, and standardize data and data sources, and curate sources of data and partner to develop and sustain data access across teams.
- Take product schedules, dependencies, and risk assessments into consideration in performing security design and analysis, and create a schedule for analysis of large feature areas that accounts for dependencies and meets milestones.
- Conduct security research of Microsoft and competitor products; research, analyze, and summarize security threats; and share them with security assurance and security tooling teams as enhancements to the security compliance program.
- Identify, prioritize, and target complex security issues that cause negative impact to customers, create and drive adoption of relevant mitigations, and suggest and drive appropriate guidance, models, response, and remediation for issues.
- Drive program and process of mitigation (e.g., automation), solve classes of issues systematically and with transparency to customers in technical implementation and automation of solutions related to specific kinds of security issues (e.g., signature detection, malware, threat analysis, reverse engineering).
- Engage with customers and partners to improve security issues, analyze security issues or patterns, advocate for customers and partners, develop feedback channels and translate feedback into better security practices, escalate issues as needed, and foster adoption of security features (e.g., multi-factor authentication [MFA]).
- Help to make connections and assist in developing agreements between groups to clarify priorities and identify dependencies, provide coordination across groups, articulate key security issues to teams and to upper management, autonomously drive coordination and collaboration across teams, and participate in internal or external collaboration in representing Microsoft's interests.
- Protect tools, techniques, information, and results of security practices, assess efficacy of operational security (e.g., red-on-red pen testing), develop new techniques to evaluate operational security, teach others to master techniques, and effectively manage multiple workstreams and resources during incidents, apply diagnostic expertise, provide guidance to other engineers working to mitigate and resolve issues, and maintain a commitment to the quality of products and services throughout the lifecycle.
- Lead large-scale security reviews, lead work on architectural and design security reviews for feature areas, ensure best practices for security architecture, design, and development are in place, measure return on investment (ROI), determine value of investment, measure customer satisfaction, evaluate security risks and their impact to the affected services and work with DevOps leads, engineering leads, and researchers to mitigate risks, and monitor and respond to security events, potential vulnerabilities, exposures, and policy compliance issues.
- Use subject matter expertise to identify potential security issues, tools, mitigations, and processes, stay current in knowledge and expertise as the security landscape evolves, make expertise available to others and drive change through sharing, coaching, conferences, and other means, coach and mentor others in area of expertise, model appropriate risk taking and ethical behavior, use business knowledge and technical expertise to assist with analyzing the work of the team to identify potential tools to assist future vulnerability analyses, help define deployment best practices and security configuration standards to ensure technologies are deployed in a secure fashion, research and maintain deep knowledge of industry trends, technologies, tools, securities, and advances.
- 5+ years experience in software development lifecycle, large-scale computing, modeling, cybersecurity, systems administration, and/or anomaly detection, or Master's Degree in Statistics, Mathematics, Computer Science or related field.
- Must be fluent in English.
- Solid understanding of Active Directory and associated components (Kerberos, NTLM, Group Policy, Backup and Disaster Recovery, DNS, AD tiering models, gMSAs).
- Solid understanding of Entra ID and associated components (Conditional Access, Multifactor Authentication, Passwordless Authentication, Privileged Identity Management, Identity Protection, Entra ID Connect).
- Strong knowledge of cloud authentication protocols such as OAuth, OpenID Connect, SAML, and WS-Fed.
- Strong knowledge of Azure Resource Management, Azure Infrastructure as a Service (IaaS), Role-Based Access Controls (RBAC), Subscriptions, Resource Groups, Management Groups.
- Proficiency in one or more query languages (KQL, SPL, SQL, etc.).
- Experience in PowerShell and bash scripting.
- Background in, and understanding of, the modern attacker kill chain, MITRE ATT&CK, and emerging enterprise threats, including attacks against SaaS apps, AI apps, and OAuth apps.
- Strong knowledge of two or more of the following products in the Microsoft Defender suite: Microsoft Defender for Endpoint, Attack Surface Reduction (ASR), Attack Disruption, Live Response, Microsoft Defender for Identity, Microsoft Defender for Cloud Apps, Microsoft Defender for Cloud, Microsoft Defender Antivirus, Active and Passive Mode, coexistence with third-party AV products.
- Experience with large-scale software deployment using Microsoft Intune, Microsoft Configuration Manager.
- Experience with Microsoft Public Key Infrastructure (PKI) implementations, Active Directory Federation Services (AD FS).
- Understanding and working knowledge of the Linux and macOS platforms.
- Experience with two or more of Microsoft's portfolio of Artificial Intelligence (AI) products such as Security Copilot, Bing Copilot, GitHub Copilot, Office Copilot, and Windows Copilot.
- Experience with large-scale orchestration and deployment of software using Linux deployment tools such as Ansible, Chef, Puppet, etc.
- Experience with SIEM and SOAR platforms such as Microsoft Sentinel, Splunk, IBM QRadar.
- Understanding of DevOps concepts such as version control, infrastructure as code, CI/CD pipelines, frameworks, configuration management, and continuous monitoring.
- Experience with management of virtualization platforms such as Hyper-V, VMware, etc.
- Experience with IP network management including routing, firewalls, access control lists, DHCP, packet analysis, and troubleshooting network traffic flow.
- Experience presenting and filtering through data in Excel, Power BI.
- Ability to meet Microsoft, customer, and/or government security screening requirements, including Microsoft Cloud Background Check.
- Industry-leading healthcare.
- Educational resources.
- Discounts on products and services.
- Savings and investments.
- Maternity and paternity leave.
- Generous time away.
- Giving programs.
- Opportunities to network and connect.