
Senior & Principal Security Researcher
Microsoft · United States
- Hybrid
- Full-time
- $119,800 / year
- United States
Job highlights
- Hunt and investigate advanced threats.
- Develop threat intelligence and customer notifications.
- Improve Microsoft security tools and products.
- Analyze attacker TTPs and activity.
- Protect customers from cyber adversaries.
About the role
The Cloud & AI organization at Microsoft is dedicated to securing digital technology platforms, devices, and clouds for our customers in diverse environments. We foster a growth mindset, inspire excellence, and encourage our teams and leaders to bring their best daily, creating innovations that impact billions worldwide. Microsoft is a global leader in enterprise services.

Do you have a passion for defending Microsoft's clients against targeted exploitation? Are you eager to be at the forefront of security industry developments and significantly impact the security of all Microsoft customers? Do you want to help our customers confront advanced adversaries? If this excites you, consider joining the Global Hunting, Oversight, and Strategic Triage (GHOST) team as a Senior or Principal Security Researcher!

We are seeking an experienced Senior Security Researcher with strong analytical skills to join our team. Your responsibilities will include conducting threat hunts, assisting with investigations, developing threat intelligence, and integrating investigation best practices into Microsoft's tools and products. You will support a global team in identifying and cataloging new attacker TTPs and victims, and delivering customer notifications to protect enterprise customers worldwide and empower them through continuous improvement of Microsoft products.

Microsoft's mission is to empower every person and organization to achieve more. As employees, we unite with a growth mindset, innovate to empower others, and collaborate to achieve our shared goals. We uphold values of respect, integrity, and accountability daily, cultivating an inclusive culture where everyone can thrive.
Responsibilities
- Perform deep analysis of attacker activity in on-premises and cloud environments.
- Identify potential threats for proactive defense before incidents occur.
- Notify customers regarding imminent attacker activity.
- Provide recommendations to enhance customers' cybersecurity posture and conduct threat intelligence knowledge transfer.
- Build proof-of-concept and prototype threat hunting tools, automations, and new capabilities.
- Drive product and tooling improvements by communicating learnings from large-scale threat hunting and incident response to engineering partners.
- Identify, prioritize, and target complex security issues impacting customers, and create/drive adoption of mitigations with proactive guidance.
- Synthesize research findings into recommendations for mitigation and share across teams, driving change within the team based on research.
Qualifications
Required/minimum qualifications:
- Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field OR Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 3+ years' experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 4+ years' experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR equivalent experience.
- Citizenship & Verification: This role requires access to export-controlled information. Candidates must provide proof of citizenship or U.S. permanent residency/protected status for eligibility assessment. Citizenship will be verified with a valid passport. Lawful permanent residents, refugees, and asylees may use other applicable documents.
- Ability to meet Microsoft, customer, and/or government security screening requirements, including the Microsoft Cloud Background Check (required upon hire/transfer and every two years thereafter).
- Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 3+ years' experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 6+ years' experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 8+ years' experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR equivalent experience.
- Proven knowledge of security fundamentals across Microsoft platforms (Client, Server, Cloud).
- Strong understanding of malware and the modern threat landscape, especially identity-based attacks.
- Familiarity with SQL or Kusto Query Language (KQL) queries (or experience with large database/SIEM query languages like Splunk/Humio/Kibana).
- Familiarity with Jupyter Notebooks or building threat hunting automations with scripting languages.
- Experience with sophisticated threat actor evidence, including Indicators of Compromise (IOCs), Indicators of Activity (IOAs), and Tactics, Techniques and Procedures (TTPs).
- Experience using forensic analysis tools (e.g., X-Ways Forensics, WinHex, EnCase, FTK).
- Experience with various forensic log artifacts from SIEM, web server, AV, and protection logs (HIDS, NIDS).
- Security Research IC4: US base pay range: $119,800 - $234,700 annually. Higher range in San Francisco Bay Area and New York City metro: $158,400 - $258,000 annually. Benefits and additional compensation may apply.
- Security Research IC5: US base pay range: $139,900 - $274,800 annually. Higher range in San Francisco Bay Area and New York City metro: $188,000 - $304,200 annually. Benefits and additional compensation may apply.
- Senior Security Researcher
- Threat Hunting
- Incident Response
- Threat Intelligence
- Vulnerability Research
- Cybersecurity
- Malware Analysis
- Forensic Analysis
- Kusto Query Language (KQL)
- Security Fundamentals
Skills & topics
- Security Researcher
- Threat Hunting
- Incident Response
- Threat Intelligence
- Cybersecurity
- Vulnerability Research
- Malware Analysis
- Forensic Analysis
- Cloud Security
- AI Security
How to get hired
- Tailor your resume: Highlight experience in threat analysis, cybersecurity, and relevant academic fields. Emphasize large-scale computing and software development lifecycle experience.
- Showcase technical expertise: Detail your proficiency with forensic tools, query languages like KQL or SQL, and scripting for automation. Mention experience with IOCs, IOAs, and TTPs.
- Demonstrate security fundamentals: Clearly articulate your understanding of security across Microsoft platforms, malware, and modern threat landscapes, especially identity-based attacks.
- Prepare for security screenings: Understand the citizenship verification and background check requirements specific to roles requiring access to export-controlled information.
- Highlight research impact: Quantify your contributions in previous roles, especially in threat hunting, incident response, and driving product improvements.
Technical preparation
- Master KQL or similar SIEM query languages.
- Practice scripting for automation.
- Study Microsoft platform security.
- Familiarize yourself with forensic tools.
Behavioral questions
- Describe a complex threat you analyzed.
- How do you handle critical customer notifications?
- Explain your approach to proactive defense.
- How do you collaborate with engineering teams?
Frequently asked questions
- What is the difference between the Senior and Principal Security Researcher roles at Microsoft?
- The job posting lists compensation ranges for both Security Research IC4 (Senior) and IC5 (Principal). Typically, a Principal role involves more complex problem-solving, leadership in research initiatives, and a broader impact on strategy, while a Senior role focuses on deep technical contributions and execution. Specific responsibilities and expectations may vary.
- What kind of security issues does a Security Researcher at Microsoft investigate?
- As a Security Researcher on the GHOST team, you will investigate sophisticated threat actor activity, analyze malware, identify attacker TTPs, and respond to incidents in both on-premises and cloud environments. This includes defending against identity-based attacks and protecting customers from imminent threats.
- Is experience with Kusto Query Language (KQL) strictly required for the Senior Security Researcher role?
- Familiarity with SQL or Kusto Query Language (KQL) queries is a preferred qualification. Experience with similar large database/SIEM query languages such as Splunk or Kibana can also be valuable if KQL proficiency is not yet established.
- What are the citizenship requirements for this Senior Security Researcher position?
- This role requires access to export-controlled information, necessitating verification of your country of citizenship or U.S. permanent residency. A valid passport will be used for verification. This is a condition of employment.
- How does Microsoft approach threat intelligence and customer notification in this role?
- Security Researchers on the GHOST team are responsible for developing threat intelligence and delivering customer notifications regarding imminent attacker activity. This proactive approach aims to protect worldwide enterprise customers and empower them to defend themselves.
- What is the significance of the Global Hunting, Oversight, and Strategic Triage (GHOST) team?
- The GHOST team is at the forefront of defending Microsoft's clients and internal estate against advanced adversaries. They perform threat hunts, conduct investigations, develop threat intelligence, and influence product development to enhance security across Microsoft's ecosystem.
- Does Microsoft offer remote work options for Security Researcher roles?
- The job description does not explicitly state the work arrangement (remote, hybrid, on-site). However, given the nature of security research and Microsoft's global presence, it's common for such roles to be hybrid or on-site, with potential for remote work depending on team needs and location. Clarification would be needed.