Principal Security Researcher

The Microsoft Threat Intelligence Center (MSTIC) have unique optics into end-to-end attacks and how different stages manifest across our telemetry: we join the dots and show the art of the possible. The Threat Intelligence Product Research team research and develop new detection capability through novel correlation and analysis ideas, embed Threat Intelligence, and then achieve global impact by partnering across the company to make these a reality in customer-facing security solutions. We’re recruiting a Principal Security Researcher with deep expertise and a track record of successful security research delivery to tackle hard problems related to the discovery of threat actors targeting Microsoft and its customers. You’ll be working to analyse vast amounts of telemetry from multiple different products then designing and prototyping detections and disruptions to protect millions of customers. You’ll also be working closely with the threat intelligence analyst community to build new insights and automate tracking of threat actors through your deep expertise in security product and platform internals. Security Research is a broad field, and we welcome interest from accomplished security researchers with a wide variety of prior expertise. Our primary focus is on threat intelligence-based detection through analysis of telemetry sent to the cloud or generated by internal cloud services – so a desire to work at that level and build guru-level knowledge of Kusto and KQL is essential. Our current areas of focus are related to Identity, Cloud Apps and Microsoft Cloud, but there is scope to research and join activity over a wide range of technologies and data sources.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Responsibilities

• Harness your deep security research background and expertise to design and build new detection capabilities for a range of security products – driven by threat intelligence.
• Discover new threat actor activity and build automations based on a deep understanding of product internals and telemetry.

Qualifications

• Expert level experience working on and leading cutting-edge cyber security research projects
• Proficient building security capabilities and tooling in at least one programming language, such as Python, C#, C++
• Experience working with large datasets for the purpose of security research, using a query language such as SQL or KQL – and a passion for security data!
• Excellent cross group and interpersonal skills, with the ability to articulate the business need for security and technical improvements

Other Requirements
Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check:

• This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter.
• Experience of Identity, Cloud Apps and Microsoft Cloud related security research, attacks, threat hunting and detection
• Experience building threat detection logic for security products
• Experience writing production-quality code and working on production systems, ideally in C# and running on Kubernetes

#MSFTSecurity #MSTIC #Cheltenham

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.  We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.