Senior Security Researcher - Microsoft Defender
Herzliya, Tel Aviv, Israel
Microsoft
Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end-to-end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry are securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.
Come and be part of a new and dynamic team focusing on emerging threats against organizational and enterprise environments. This is an opportunity to join a new team focused on disrupting nation-state and stealthy attacks across all of the Microsoft Defender stack products. The role currently focuses on one of the flagships of the Defender stack: Microsoft Defender for Endpoint.
Join the elite team powering Microsoft Defender's most groundbreaking autonomous protection system: Automatic Attack Disruption. As cyber threats evolve in sophistication, our team leads the charge in detecting, investigating, and automatically disrupting stealthy attacks conducted by various threat groups, from nation states to sophisticated cyber criminals. We're looking for a passionate security researcher ready to make a real-world impact by protecting global enterprises from advanced and sophisticated attacks.
As part of our Israeli research team, you'll hunt through diverse signals across on-premises, hybrid and cloud environments, uncover advanced threats, research emerging attack techniques, design next-generation protection systems, and develop detection logic that ensures no compromise goes unnoticed. This is your chance to stay steps ahead of advanced adversaries while building autonomous defense capabilities that protect organizations worldwide. The job spans everything from ideation to customer-facing detection: researching novel attack techniques, hunting through our rich sensor data, identifying the necessary optics for detecting malicious behaviour, and crafting detection and protection logic to ensure compromise does not go undetected.
Our team values diversity and strives to hire individuals with varied experiences and perspectives. We understand that no candidate possesses every desired skill and experience, but together, we form a strong, effective team.
Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
Responsibilities
- Conduct in-depth research to develop detection mechanisms for novel and advanced offensive techniques — from exploits to implants.
- Lead end-to-end implementation efforts: from offensive proof-of-concept (PoC) to scalable, deployable detection logic across agent and cloud platforms.
- Focus on low-level Windows Internals–based detections, with the opportunity to expand into additional high-impact attacker surfaces.
- Proactively hunt across diverse signal sources — including on-premises, hybrid, and cloud environments — to uncover stealthy threats and emerging attack techniques.
- Stay current with the latest cyberattack trends and design robust, sophisticated detection logic across the full attacker kill-chain.
- Build and implement innovative automated disruption capabilities that autonomously detect and mitigate attacks in real time.
- Investigate real-world incidents to improve protection strategies and enhance the Microsoft Defender for Endpoint (MDE) product.
- Collaborate with engineering and product teams to design security sensors, validate protection ideas, and measure effectiveness using data-driven approaches.
- Engage with customers to identify product gaps, share insights, and enhance protection coverage based on real-world needs.
- Contribute to the broader security community by authoring technical blogs, sharing research findings, and presenting at leading security conferences.
Qualifications
- 8+ years of hands-on experience in cybersecurity research, preferably in endpoint or network-based threat scenarios.
- Deep understanding of Windows OS internals including User & Kernel mode architecture.
- Proven experience in low-level development, preferably in C or C++ on Windows platforms.
- Familiarity with cloud environments (e.g., Azure, AWS) and understanding of security challenges in hybrid or multi-cloud infrastructures.
- Strong grasp of modern attacker techniques, including MITRE ATT&CK and full kill-chain methodologies.
- Demonstrated ability to lead end-to-end research efforts from offensive PoC to scalable detection deployment.
- Experience in threat hunting across diverse signal sources (on-prem, hybrid, and cloud).
- Coding proficiency in at least one of the following: C, C++, C#, Python, or Rust.
- Curious, analytical mindset with the ability to thrive in ambiguous and evolving threat landscapes.
- Excellent collaboration and communication skills, with experience working in cross-functional, global teams.
Preferred Qualifications
- Background in offensive security research or red teaming.
- Experience in reverse engineering (e.g., using debuggers, disassemblers, analyzing file formats).
- Hands-on knowledge of digital forensics, incident response, or threat intelligence.
- Prior contributions to the security community (e.g., blogs, conference talks, or whitepapers).
- Familiarity with macOS, Linux, or other operating systems at the low level.
Other Requirements:
Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings: Microsoft Cloud Background Check:
- This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.
Tags: AWS Azure C Cloud Exploits Forensics Incident response Linux MacOS MITRE ATT&CK Offensive security Python Red team Reverse engineering Rust Threat intelligence Windows
Perks/benefits: Conferences Health care Medical leave Startup environment