Security Researcher

2 days ago


Santiago, Metropolitana, Chile - Microsoft - Full-time
Overview

Microsoft's Customer Experience & Success (CE&S) organization is a global team of over 18,000 employees, responsible for delivering end-to-end customer experiences. We're seeking a Principal Security Response Engineer, Infrastructure to join our Microsoft Detection and Response Team (DART). This role will be a vital individual contributor, taking the lead in threat hunting and forensics for cybersecurity investigations.

Responsibilities
  • Conduct research into critical security areas, such as competitor products, current attacks, and adversary tracking.
  • Partner with cross-functional teams to design solutions to prevent attacks and drive engineering projects.
  • Investigate business-critical security issues, advocate for priorities, and elevate findings to address and mitigate issues.
  • Work with others to synthesize research findings into recommendations for mitigation of security issues.
  • Drive change within the team based on research findings and contribute to professional community through publications.
  • Analyze complex issues using multiple data sources to develop insights and identify security problems and threats.
  • Develop new solutions to mitigate security issues and make tradeoffs to balance security and operational needs.
  • Identify and recommend process improvements and adopt best practices.
  • Lead efforts to clean, structure, and standardize data and data sources.
  • Take product schedules, dependencies, and risk assessments into consideration in performing security design and analysis.
  • Conduct Security Research of Microsoft and competitor products.
  • Research, analyze, and summarize security threats and share with security assurance and security tooling teams as enhancements to security compliance program.
  • Identify, prioritize, and target complex security issues that cause negative impact to customers.
  • Create and drive adoption of relevant mitigations.
  • Suggest and drive appropriate guidance, models, response, and remediation for issues.
  • Drive program and process of mitigation (e.g., automation).
Requirements
  • 5+ years experience in software development lifecycle, large-scale computing, modeling, cybersecurity, systems administration, and/or anomaly detection.
  • OR Master's Degree in Statistics, Mathematics, Computer Science or related field.
  • Must be fluent in English.
  • Solid understanding of Active Directory and associated components (Kerberos, NTLM, Group Policy, Backup and Disaster Recovery, DNS, AD tiering models, gMSAs).
  • Solid understanding of Entra ID and associated components (Conditional Access, Multifactor Authentication, Passwordless Authentication, Privileged Identity Management, Identity Protection, Entra ID Connect).
  • Strong knowledge of cloud authentication protocols such as OAuth, OpenID Connect, SAML, and WS-Fed.
  • Strong knowledge of Azure Resource Management, Azure Infrastructure as a Service (IaaS), Role-Based Access Controls (RBAC), Subscriptions, Resource Groups, Management Groups.
  • Proficiency in one or more query languages (KQL, SPL, SQL, etc.).
  • Experience in PowerShell and bash scripting.
  • Background in, and understanding of the modern attacker kill-chain, MITRE ATT&CK, and emerging enterprise threats including attacks against SaaS Apps and AI Apps, and OAuth Apps.
  • Strong knowledge of at least two or more of the following products in the Microsoft Defender suite.
Preferred Qualifications
  • Experience with large-scale software deployment using Microsoft Intune, Microsoft Configuration Manager.
  • Experience with Microsoft Public Key Infrastructure (PKI) implementations, Active Directory Federation Services (AD FS).
  • Understanding and working knowledge of the Linux and macOS platforms.
  • Experience with two or more of Microsoft's portfolio of Artificial Intelligence (AI) products such as Security Copilot, Bing Copilot, GitHub Copilot, Office Copilot, and Windows Copilot.
  • Experience with large-scale orchestration and deployment of software using Linux deployment tools such as Ansible, Chef, Puppet, etc.
  • Experience with SIEM and SOAR platforms such as Microsoft Sentinel, Splunk, IBM QRadar.
  • Understanding of DevOps concepts such as Version Control, Infrastructure as Code, CI/CD Pipelines, Frameworks, Configuration Management, and Continuous Monitoring.
  • Experience with management of virtualization platforms such as Hyper-V, VMware, etc.
  • Experience with IP network management including routing, firewalls, access control lists, DHCP, packet analysis, and troubleshooting network traffic flow.
  • Experience presenting and filtering through data in Excel, Power BI.
Benefits

Microsoft offers a range of benefits, including industry-leading healthcare, educational resources, discounts on products and services, savings and investments, maternity and paternity leave, generous time away, giving programs, and opportunities to network and connect.


  • Security Researcher

    2 weeks ago


    Santiago, Metropolitana, Chile - Microsoft - Full-time

    Overview: Microsoft's Customer Experience & Success (CE&S) organization is a global team of over 18,000 employees, responsible for delivering exceptional customer experiences. We're seeking a skilled Principal Security Response Engineer to join our Microsoft Detection and Response Team (DART), where you'll play a critical role in threat hunting and forensics,...

  • Security Researcher

    13 hours ago


    Santiago, Metropolitana, Chile - Microsoft - Full-time

    Overview: Microsoft's Customer Experience & Success (CE&S) organization is a global team of over 18,000 employees, responsible for delivering end-to-end customer experiences. We're seeking a Principal Security Response Engineer, Infrastructure to join our Microsoft Detection and Response Team (DART). This role will be a vital individual contributor, taking the...

  • Security Researcher

    7 days ago


    Santiago, Metropolitana, Chile - Microsoft - Full-time

    Overview: Microsoft's Customer Experience & Success (CE&S) organization is a global team of over 18,000 employees responsible for delivering exceptional customer experiences. We're seeking a Principal Security Response Engineer, Infrastructure to join our Microsoft Detection and Response Team (DART) in a collaborative and fast-paced...

  • Security Researcher

    3 months ago


    Santiago, Chile - Microsoft - Full-time

    Overview: With over 18,000 employees worldwide, the Microsoft Customer Experience & Success (CE&S) organization is responsible for the strategy, design, and implementation of Microsoft’s end-to-end customer experience. Come join CE&S and help us build a future where customers come to us not only because we provide industry-leading products and...

  • Security Researcher

    4 months ago


    Santiago de Chile - Microsoft - Full-time

    With over 18,000 employees worldwide, the Microsoft Customer Experience & Success (CE&S) organization is responsible for the strategy, design, and implementation of Microsoft’s end-to-end customer experience. Come join CE&S and help us build a future where customers come to us not only because we provide industry-leading products and services, but also...