Identity and Access Researcher
Microsoft
Identity and Access Researcher
Redmond, Washington, United States
Save
Overview
Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.
Our research team is dedicated to protecting Microsoft 365 users across SaaS applications, identities, OAuth applications, and data by delivering cross-category, deeply integrated threat protection for security operations and administration teams. We focus on anticipating and mitigating advanced threats that exploit modern identity and access paradigms. If you believe that cyberattacks can unfold without ever dropping an executable on disk—and that an OAuth app, enterprise application, or access token can pose greater risk than a PowerShell script—this role offers the opportunity to make a meaningful impact.
Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
Qualifications
Required Qualifications:
- Proven experience in cybersecurity, with deep understanding of the modern attacker kill-chain, MITRE ATT&CK framework, and evolving enterprise threats—particularly those targeting identity systems and infrastructure.
- Experience in analyzing large-scale datasets (e.g., billions of events per day) to uncover patterns, detect anomalies, and drive threat intelligence.
- Experience in at least one programming language such as Python or C#, and one query language such as PySpark or Kusto Query Language (KQL).
- Bachelor's Degree in Statistics, Econometrics, Computer Science, Electrical or Computer Engineering, or related field AND 6+ years related experience (e.g., statistics, predictive analytics, research)
- OR Master's Degree in Statistics, Econometrics, Computer Science, Electrical or Computer Engineering, or related field AND 4+ years related experience (e.g., statistics, predictive analytics, research)
- OR Doctorate in Statistics, Econometrics, Computer Science, Electrical or Computer Engineering, or related field AND 3+ years related experience (e.g., statistics, predictive analytics, research)
- OR equivalent experience.
- 6+ years of experience of in Identity security research.
Other Requirements:
- Drive innovative solutions to assess and quantify the confidence level of potentially compromised accounts by integrating and analyzing diverse data sources.
- Demonstrate a strong passion for problem-solving and a track record of delivering novel approaches in the cybersecurity domain.
- Collaborate cross-functionally with research and product teams to translate complex data insights into actionable outcomes.
- Ensure findings are clearly communicated through high-quality documentation and compelling presentations tailored to technical and non-technical stakeholders. Foster a culture of collaborative innovation, encouraging knowledge sharing and joint problem-solving to accelerate impact and drive continuous improvement in threat detection and response capabilities.
Applied Sciences IC5 - The typical base pay range for this role across the U.S. is USD $139,900 - $274,800 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $188,000 - $304,200 per year.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay
Microsoft will accept applications for the role until June 19th, 2025.
#MSFTSecurity CAIR
Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check:
- This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Responsibilities
Develop and maintain systems that generate a confidence score indicating the likelihood of compromise for both user and application accounts, leveraging diverse telemetry and threat intelligence signals. Enhance the capabilities of AI-powered investigation agents by enriching them with contextual signals and behavioral insights that contribute to accurate compromise assessments. Operationalize the confidence score by integrating it into automated and manual response workflows, enabling timely and effective actions against compromised identities and accounts.
Other