Senior Security Researcher
Microsoft
This job is no longer accepting applications
Multiple Locations, Germany
Overview
The Extended Detection and Response (XDR) and Security Information and Event Management (SIEM) research team enables global security teams to detect and respond to cyber threats efficiently. By combining expert knowledge of the technologies that threats exploit, an attacker mindset, and continual adaptation to a changing landscape, we tackle highly sophisticated threats across both cloud and hybrid (cloud + on-prem) attacks. Our AI-driven solutions automate investigations and responses, providing swift protection for customers and optimizing security operations.

We are looking to hire a Senior Security Researcher to drive security research and innovation in large-scale, multi-tenant environments and to strengthen the defensive capabilities of Government and National cybersecurity teams. In this role you will empower the SOC by delivering a full view of all attacks in an organization: creating a single incident queue, reducing alert noise, and improving alert correlation across Microsoft Sentinel and Microsoft Defender data sources. You will leverage Microsoft's security expertise and automation platforms to enhance and scale the defensive abilities of our customers and their security operations centers against the persistent threats they face.

Our team values diversity and strives to hire individuals with varied experiences and perspectives. We understand that no candidate possesses every desired skill and experience, but together we form a strong, effective team.
Qualifications
• Relevant years of computer security industry experience, with knowledge of adversary tradecraft, security operations, incident response, threat hunting, and emerging threats and techniques for attacks against modern enterprise environments.
• Adequate years of experience designing, prototyping, and driving engineering requirements for threat protection systems.
• Relevant years of experience hunting for and investigating security incidents at scale with one or more of the following: Azure Synapse, Azure Data Lake, SQL, Cosmos, Kusto, or similar systems.
Other Requirements
Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screening: Microsoft Cloud Background Check:
- This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter.
• Experience coding in languages such as C#, Python and/or PowerShell AND with language-independent data formats such as JSON/YAML/XML.
• Experience applying MITRE ATT&CK to assess threat scenarios and protection coverage across both cloud and hybrid (cloud + on-prem) attacks.
• Experience with endpoint, identity, cloud application, cloud infrastructure, email, network and/or other threat detection and prevention technologies.
• Experience with security orchestration, automation, and response (SOAR) technologies that span investigation and response automation across diverse security tool integrations.
• Cross-group and interpersonal skills, with the ability to articulate the business need for product improvements and a desire to engage directly with customers.
• Research and delivery of security product features to general availability.
• Demonstrated experience in conducting data studies, including the ability to work with available telemetry and drive improvements with engineering teams for previously unexplored data sources.
• Experience with one or more of the following: Azure Functions, Azure Static Web Sites, Azure Containers, Azure DevOps pipelines, GitHub Actions, GitHub Codespaces, and Jupyter Notebooks.
#MSFTSecurity
Responsibilities
• Collaborate closely with cross-functional teams, including security analysts, data scientists, and product teams, to enhance the alert correlation and incident management capabilities of Microsoft Sentinel and Microsoft Defender.
• Design and develop AI-driven solutions that automate threat investigation and response processes, optimizing the efficiency of security operations centers (SOCs).
• Develop and implement scalable solutions that reduce alert noise and deliver unified incident queues for enhanced visibility and faster incident resolution.
• Design and develop research-driven innovations that empower SOCs with end-to-end views of attacks and actionable insights.
• Analyze and synthesize data across multiple security domains, including email, identity, endpoint, and cloud, to enhance automated protection with precision and accuracy.