National Labor Exchange Veterans Jobs

Microsoft Corporation Senior Security Researcher in Redmond, Washington

Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end-to-end, simplified solutions.

The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry are securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.

At Microsoft Security, our mission is to make the world a safer place for all. The Messaging and Web Security Research team is a global, multidisciplinary organization of engineers, data scientists, security researchers, and program managers. With an unparalleled view of the threat landscape, we develop deep expertise in attacker techniques and use that knowledge along with the latest technology to stop them. We protect customers using Outlook.com, Microsoft Defender for O365, Microsoft Edge, and much more. The team is focused on discovering email-borne (socially engineered) threats and tracking the threat actors behind them. We are laser-focused on countering adversary-based threats to Microsoft and its customers through production and dissemination of threat intelligence, proactive hunting and incident response, and the development of new tools and approaches to detect adversary activity. One of the core missions of the team is to track both nation state and crimeware threat actors abusing Microsoft Infrastructure and improve services to catch such attack campaigns sooner. You will have an opportunity to research and build innovative approaches for detecting and tracking advanced threats and developing TTPs (Tactics, Techniques and Procedures). You will work closely with other MSTIC (Microsoft Threat Intelligence Center) analysts, reverse engineers, O365 defenders and signal teams to investigate threats, proactively hunt for compromise, and develop tooling and data automation.

We are looking for a Senior Security Researcher to join the team.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Responsibilities

  • Demonstrate an advanced understanding of the current and former threat landscape, including major trends, activity groups, and tooling used by both prolific and obscure threat actors.

  • Develop complex detections using static, dynamic, and hybrid detection engines, such as Yara, ClamAV, Suricata/Snort, Sigma, and Zeek.

  • Focus on signature performance, maintenance, testing, and the overall lifecycle management of signatures.

  • Conduct in-depth analysis for threats such as phishing, malware, and exploits.

  • Utilize sandboxing technologies to analyze and understand malicious behaviors, including development, advanced usage, and interpretation of outputs.

  • Conduct thorough threat hunting and analysis using large and diverse datasets to identify false negatives, detect gaps, and improve our overall security posture.

  • Document and track advanced threat activity, including major crimeware, nation state entities, and other threat groups.

  • Leverage cyber threat intelligence concepts to enhance detection and response capabilities.

  • Automate security processes through scripting or coding languages, particularly Python.

  • Apply knowledge of KQL (Kusto Query Language) to perform advanced data analysis and investigations.

  • Analyze network traffic using PCAP (Packet Capture), netflow, or other log sources to identify and respond to security incidents.

  • Possess excellent communication skills to effectively collaborate with teams and individuals outside of the security team.

  • Build, develop, and maintain processes and procedures to enhance operational efficiency and effectiveness.

  • Mentor team members and provide training to internal and external teams.

Qualifications

Required/Minimum Qualifications:

  • 5+ years of experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection

      o OR Master's Degree in Statistics, Mathematics, Computer Science or related field.

  • 5+ years working in computer security with a focus on network and enterprise defense.

  • 3+ years of experience in crafting detections using static, dynamic, and hybrid detection engines, such as Yara, ClamAV, Suricata/Snort, Sigma, and Zeek.

  • 2+ years working within the Email and Web threat landscape.

Other requirements:

  • Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud Background Check upon hire/transfer and every two years thereafter.

Security Research IC4 - The typical base pay range for this role across the U.S. is USD $112,000 - $218,400 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $145,800 - $238,600 per year. Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

#MSecR #MSFTSecurity #MSTIC #DetectionEngineering

Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations (https://careers.microsoft.com/v2/global/en/accessibility.html).
