Identity and Access Researcher

Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.

Our research team is dedicated to protecting Microsoft 365 users across SaaS applications, identities, OAuth applications, and data by delivering cross-category, deeply integrated threat protection for security operations and administration teams. We focus on anticipating and mitigating advanced threats that exploit modern identity and access paradigms. If you believe that cyberattacks can unfold without ever dropping an executable on disk—and that an OAuth app, enterprise application, or access token can pose greater risk than a PowerShell script—this role offers the opportunity to make a meaningful impact.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Responsibilities

Develop and maintain systems that generate a confidence score indicating the likelihood of compromise for both user and application accounts, leveraging diverse telemetry and threat intelligence signals. Enhance the capabilities of AI-powered investigation agents by enriching them with contextual signals and behavioral insights that contribute to accurate compromise assessments. Operationalize the confidence score by integrating it into automated and manual response workflows, enabling timely and effective actions against compromised identities and accounts.

Qualifications

 Required Qualifications:

• Proven experience in cybersecurity, with deep understanding of the modern attacker kill-chain, MITRE ATT&CK framework, and evolving enterprise threats—particularly those targeting identity systems and infrastructure.
• Experience in analyzing large-scale datasets (e.g., billions of events per day) to uncover patterns, detect anomalies, and drive threat intelligence.
• Experience in at least one programming language such as Python or C#, and one query language such as PySpark or Kusto Query Language (KQL).
• Bachelor's Degree in Statistics, Econometrics, Computer Science, Electrical or Computer Engineering, or related field AND 6+ years related experience (e.g., statistics, predictive analytics, research) 
  • OR Master's Degree in Statistics, Econometrics, Computer Science, Electrical or Computer Engineering, or related field AND 4+ years related experience (e.g., statistics, predictive analytics, research) 
  • OR Doctorate in Statistics, Econometrics, Computer Science, Electrical or Computer Engineering, or related field AND 3+ years related experience (e.g., statistics, predictive analytics, research) 

• • OR equivalent experience.
• 6+ years of experience of in Identity security research.

Other Requirements:

• Drive innovative solutions to assess and quantify the confidence level of potentially compromised accounts by integrating and analyzing diverse data sources.
• Demonstrate a strong passion for problem-solving and a track record of delivering novel approaches in the cybersecurity domain.
• Collaborate cross-functionally with research and product teams to translate complex data insights into actionable outcomes.
• Ensure findings are clearly communicated through high-quality documentation and compelling presentations tailored to technical and non-technical stakeholders. Foster a culture of collaborative innovation, encouraging knowledge sharing and joint problem-solving to accelerate impact and drive continuous improvement in threat detection and response capabilities.

Applied Sciences IC5 - The typical base pay range for this role across the U.S. is USD $139,900 - $274,800 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $188,000 - $304,200 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

Microsoft will accept applications for the role until June 15, 2025.

#MSFTSecurity CAIR

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check:
- This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.  We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.