Principal Security Researcher
Microsoft · Redmond, WA · 6 days ago
Hybrid$143k–$275k/yrFull-time
Responsibilities
- Design and execute purple team simulations that emulate real-world threat actors, techniques, and campaigns across endpoint, identity, cloud, and email surfaces, incorporating both human-driven and agentic execution models.
- Partner closely with Microsoft Defender engineering, research, and threat intelligence teams to evaluate detection coverage, investigation quality, and response effectiveness.
- Analyze telemetry using Kusto / KQL to validate detection logic, uncover gaps, and measure signal quality at scale.
- Translate attacker tradecraft into actionable insights for defenders, including detection recommendations, telemetry requirements, and investigation improvements.
- Apply frameworks such as MITRE ATT&CK to map adversary behavior, identify coverage gaps, and communicate findings clearly to technical and non-technical audiences.
- Leverage and contribute to threat intelligence by both consuming real-world campaign data and producing new insights through simulation outcomes, TTP discovery, and adversary emulation research.
- Design, build, and leverage AI-enabled and agentic systems to automate simulation workflows, generate attack variations, validate detections, and accelerate post-simulation analysis.
- Evaluate the effectiveness of AI-driven detections and defenses, identifying strengths, gaps, and opportunities for improvement across agentic security capabilities.
- Contribute to written simulation reports, executive presentations, and technical documentation that influence product and security strategy.
Qualifications
- Minimum Qualifications: Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection.
- OR Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection.
- OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection.
- OR equivalent experience.
- Other Requirements: Ability to meet Microsoft, customer and/or government security screening requirements are required for this role.