Principal Security Researcher
Redmond, Washington, United States
Applications have closed
Microsoft
Every company has a mission. What's ours? To empower every person and every organization to achieve more. We believe technology can and should be a force for good and that meaningful innovation contributes to a brighter world in the future and today.Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.
Does protecting over 1 billion customers and making the cyber world a better place sound exciting? Do you have what it takes to be part of one of the world's most crucial security monitoring and detection teams? Do you want to innovate and improve how Microsoft transforms learnings from Intel & incidents into actionable detection and automated processes? This may be an opportunity for you. Azure Security seeks motivated, experienced Principal Security Researcher to join our team. We are looking for someone who can dig into hard engineering problems to improve the core fundamentals of our systems, add critical and exciting new features, revolutionize how our engineers work day-to-day, and try new things like bringing the power of machine learning and statistical analysis at scale to solve these and other problems.
Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
Responsibilities
- Lead and conduct Post Incident Reviews (PIR)
- Work directly on security reviews, formidable & complex automation and remediation workflows across multiple antipatterns.
- Engineer mitigations for subcategories of Root-Cause Analysis (RCA) and antipatterns that we observe based on trends.
- Delivers shift-left mitigations that are designed to eliminate/prevent subcategories of Root-Cause Analysis and antipatterns.
- Identify patterns of failure and Root-Cause Analysis through Machine Learning / ArtificiaI Intelligence prediction for components
- Understand the most important subcategories of Root-Cause Analysis and antipatterns observed through ongoing trend analysis.
- Identifying the “top” Root-Cause Analysis and antipattern categories based on trends.
- Identifying representative subcategories for Root-Cause Analysis and antipatterns for which mitigation Research & Development should be pursued.
- Measuring the impact of mitigations that have been implemented in terms of trend data.
- Analyzing Root-Cause Analysis and antipattern trends that are being observed from incidents, red team ops, and internal/external vulnerability reports.
- Collaborate with other researchers, coordinators, and developers to improve the protection capabilities of the products research, design, and develop shift-left mitigations for subcategories of Root-Cause Analysis and antipatterns, such as in the form of static analysis rules, dynamic analysis rules, platform changes, and so on.
- Other
Qualifications
Required/Minimum Qualifications
- 7+ years experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection
- OR Doctorate in Statistics, Mathematics, Computer Science or related field
Other Requirements:
- Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings:
- Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud Background Check upon hire/transfer and every two years thereafter.
Additional or Preferred Qualifications
- 8+ years experience in software development lifecycle, cloud security, large-scale computing, modeling, cybersecurity, and/or anomaly detection
- OR Doctorate in Statistics, Mathematics, Computer Science or related field.
- 5+ years of experience with Security subject matter knowledge capable of understanding the technical details of Root-Cause Analysis and antipatterns & Researcher
- Ability to dive into the technical differences and properties of Root-Cause Analysis and antipatterns.
- 1+ years of track record in identifying multiple new attack techniques in the Identity domainWorking knowledge of cloud service development, static analysis, and CI/CD.
- Deep understanding of security attack techniques used in real-world scenarios, spanning both large-scale and targeted attacks.
- Extensive published research and ability to collaborate across the research community.
- Proficiency in C# / Python / PowerShell development.
Security Research IC5 - The typical base pay range for this role across the U.S. is USD $137,600 - $267,000 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $180,400 - $294,000 per year.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay
Microsoft will accept applications for the role until June 18, 2024.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.
#MSFT #Security #Research #SecurityEngineering
Tags: Automation Azure C CI/CD Cloud Computer Science Machine Learning Mathematics Monitoring PowerShell Python Red team SDLC
Perks/benefits: Career development Medical leave
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Security Operations Engineer jobs
- Open Senior Cybersecurity Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Information Security Officer jobs
- Open Senior Cyber Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Product Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open IT Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Staff Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Cyber Security Specialist jobs
- Open Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Network Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open IT Security Analyst jobs
- Open Security Consultant jobs
- Open Senior Information Security Analyst jobs
- Open Security Operations Analyst jobs
- Open Manager Pentest H/F jobs
- Open Information Security Architect jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Agile-related jobs
- Open Risk assessment-related jobs
- Open SOC-related jobs
- Open Network security-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open ISO 27001-related jobs
- Open GCP-related jobs
- Open IAM-related jobs
- Open Application security-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open Threat intelligence-related jobs
- Open DevOps-related jobs
- Open DoD-related jobs
- Open Security Clearance-related jobs
- Open APIs-related jobs
- Open CEH-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open SaaS-related jobs
- Open EDR-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open PowerShell-related jobs