Apply on Employer Site

Microsoft · 15 hours ago

Principal Security Researcher

United States

Full-time

Remote

Lead/Staff

$163K/yr - $296K/yr

8+ years exp

Microsoft is a leading enterprise service company focused on securing digital technology platforms and devices. The Principal Security Researcher will perform threat hunts, assist with investigations, and develop threat intelligence to protect Microsoft customers from advanced adversaries.

Application Performance ManagementArtificial Intelligence (AI)Business DevelopmentData ManagementDevOpsInformation ServicesInformation TechnologyManagement Information SystemsNetwork SecuritySoftware

Growth Opportunities

No H1B

U.S. Citizen Only

Responsibilities

Performing deep analysis of attacker activity in on-premises and cloud environments

Identifying potential threats, allowing for proactive defense before an actual incident

Notifying customers regarding imminent attacker activity

Providing recommendations to improve customers’ cybersecurity posture going forward and performing threat intelligence knowledge transfer to prepare customers to defend against today’s threat landscape

Building proof-of-concept and prototype threat hunting tools, automations, and new capabilities

Driving product and tooling improvements by conveying learnings from threat hunting and incident response at scale to engineering partner teams

Identifying, prioritizing, and targeting complex security issues that cause negative impact to customers. Creating and driving adoption of relevant mitigations and providing proactive guidance

Working with others to synthesize research findings into recommendations for mitigation of security issues. Sharing across teams. Driving change within team based on research findings

Qualification

Threat analysisCybersecurityVulnerability researchAnomaly detectionSoftware development lifecycleLarge-scale computingMalware understandingSQLKQLForensic analysis toolsAnalytical skillsCollaborationCommunication skills

Required

Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 5+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection

OR Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection

OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 8+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection

OR equivalent experience

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role

Microsoft Cloud Background Check: This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter

Citizenship & Citizenship Verification: This role will require access to information that is controlled for export under export control regulations, potentially under the U.S. International Traffic in Arms Regulations or Export Administration Regulations, the EU Dual Use Regulation, and/or other export control regulations

To meet this legal requirement, and as a condition of employment, the successful candidate will be required to provide either proof of their country of citizenship or proof of their U.S. permanent residency or other protected status (e.g., under 8 U.S.C. 1324b(a)(3)) for assessment of eligibility to access the export controlled information

To meet this legal requirement, and as a condition of employment, the successful candidate's citizenship will be verified with a valid passport

Lawful permanent residents, refugees, and asylees may verify status using other documents, where applicable

Preferred

Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 8+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection

OR Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 12+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection

OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 15+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection

OR equivalent experience

Proven knowledge of security fundamentals across Microsoft platforms (Client, Server, Cloud)

Strong understanding of malware and the modern threat landscape, especially identity-based attacks

Familiarity and understanding of SQL or Kusto Query Language (KQL) queries (or experience with large database/SIEM query languages such as Splunk/Humio/Kibana, etc.)

Familiarity and understanding of Jupyter Notebooks, or building equivalent threat hunting automations with scripting languages

Experience with sophisticated threat actor evidence including familiarity with typical Indicators of Compromise (IOCs), Indicators of Activity (IOAs) and Tools, Techniques and Procedures (TTPs)

Use of forensic analysis tools such as X-Ways Forensics®, WinHex®, Encase®, FTK®, etc

Experience with various forensic log artifacts found in SIEM logs, web server logs, AV logs, protection logs such as HIDS and NIDS logs