Principal Threat Researcher

Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.

The Defender Experts (DEX) Research team is at the forefront of Microsoft’s threat protection strategy, combining world-class hunting expertise with AI-driven analytics to protect customers from advanced cyberattacks. Our mission is to move protection left—disrupting threats early, before damage occurs—by transforming raw signals into intelligence that powers detection, disruption, and customer trust. We’re looking for a passionate and curious Principal Threat Researcher to join this high-impact team. In this role, you will collaborate closely with researchers, analysts, and detection engineers to advance managed Sentinel expertise and drive research on emerging cloud threats that impact both Microsoft and third-party products. Leveraging a deep understanding of multi-cloud environments and diverse security architectures, you will develop strategies and models that enhance threat detection and response capabilities within Microsoft Sentinel. Your research will directly contribute to the development of real-time protections for enterprises worldwide, ensuring comprehensive coverage across cloud platforms and strengthening the security posture of organizations leveraging a heterogeneous mix of technologies. This is a unique opportunity to work at scale, tackle complex cloud security challenges, and shape the evolution of threat research within Microsoft Security.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Responsibilities

We are seeking a Principal Threat Researcher with a deep passion for advancing cloud security and a proven track record in high-throughput, multi-tenant environments.

• The successful candidate will demonstrate expertise in designing and deploying advanced detection engineering solutions—including Sentinel playbooks, workbooks, analytical rules, and custom detections.
• In this pivotal role, you will drive advanced research on emerging threats, architect innovative detection and response solutions, and play a key role in enhancing Microsoft Security’s capabilities to anticipate, detect, and disrupt sophisticated attacks across complex, heterogeneous cloud ecosystems.  

Responsibilities include:

• Lead and execute advanced research on emerging cloud-based threats impacting Microsoft and third-party security products across heterogeneous cloud environments.
• Develop and refine detection and response strategies leveraging major SIEM platforms, with a strong emphasis on Microsoft Sentinel, to provide comprehensive threat coverage and response capabilities.
• Collaborate with internal and external security teams to design and implement scalable, innovative solutions for multi-cloud threat intelligence, detection, mitigation and response.
• Translate complex raw security data into actionable intelligence that enhances the effectiveness of cloud security operations for a global customer base.
• Mentor, guide, and drive best practices among researchers and detection engineers on advanced threat hunting and incident response across diverse SIEM ecosystems.
• Contribute to industry knowledge and Microsoft’s security posture by publishing research, developing threat models, and proactively identifying threats and attack trends in the cloud

Qualifications

• 10+ years of experience in security research, detection engineering, threat lifecycle, cloud security in large-scale in complex cloud environments, as well as disciplines related to managed services for SIEM platforms.
• Proven ability to lead and execute advanced research on emerging cloud-based threats affecting both Microsoft and third-party security products across heterogeneous cloud environments. 
• Demonstrated expertise in developing and refining detection and response strategies leveraging major SIEM platforms, with a strong emphasis on Microsoft Sentinel, to provide comprehensive threat coverage and response capabilities. 
• Extensive hands-on experience with cloud platforms—including, but not limited to, Azure—as well as a deep understanding of multi-cloud security challenges and solutions. 
• Strong practical experience identifying, analyzing, and mitigating real-world cyber threats in complex cloud environments. 
• Proven ability to work independently and deliver complete solutions.
• Demonstrated capability to effectively articulate technical insights and influence multidisciplinary teams.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.  We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.