The Defender Experts (DEX) Research team is at the forefront of Microsoft’s threat protection strategy, combining world-class hunting expertise with AI-driven analytics to protect customers from advanced cyberattacks. Our mission is to move protection left—disrupting threats early, before damage occurs—by transforming raw signals into intelligence that powers detection, disruption, and customer trust. We’re looking for a passionate and curious Senior Threat Researcher to join this high-impact team.In this role, you will collaborate closely with researchers, analysts, and detection engineers to advance managed Sentinel expertise and drive research on emerging cloud threats that impact both Microsoft and third-party products. Leveraging a deep understanding of multi-cloud environments and diverse security architectures, you will develop strategies and models that enhance threat detection and response capabilities within Microsoft Sentinel. Your research will directly contribute to the development of real-time protections for enterprises worldwide, ensuring comprehensive coverage across cloud platforms and strengthening the security posture of organizations leveraging a heterogeneous mix of technologies. This is a unique opportunity to work at scale, tackle complex cloud security challenges, and shape the evolution of threat research within Microsoft Security.
Responsibilities
We are seeking a Senior Threat Researcher with a deep passion for advancing cloud security and a proven track record in high-throughput, multi-tenant environments. The successful candidate will demonstrate expertise in designing and deploying advanced detection engineering solutions—including Sentinel playbooks, workbooks, analytical rules, and custom detections. In this pivotal role, you will drive advanced research on emerging threats, architect innovative detection and response solutions, and play a key role in enhancing Microsoft Security’s capabilities to anticipate, detect, and disrupt sophisticated attacks across complex, heterogeneous cloud ecosystems.
Responsibilities Include
- Lead and execute advanced research on emerging cloud-based threats impacting Microsoft and third-party security products across heterogeneous cloud environments.
- Develop and refine detection and response strategies leveraging major SIEM platforms, with a strong emphasis on Microsoft Sentinel, to provide comprehensive threat coverage and response capabilities.
- Collaborate with internal and external security teams to design and implement scalable, innovative solutions for multi-cloud threat intelligence, detection, mitigation and response.
- Translate complex raw security data into actionable intelligence that enhances the effectiveness of cloud security operations for a global customer base.
- Mentor, guide, and drive best practices among researchers and detection engineers on advanced threat hunting and incident response across diverse SIEM ecosystems.
- Contribute to industry knowledge and Microsoft’s security posture by publishing research, developing threat models, and proactively identifying threats and attack trends in the cloud.
Qualifications
- 5+ years of experience in security research, detection engineering, threat lifecycle, cloud security in large-scale in complex cloud environments, as well as disciplines related to managed services for SIEM platforms.
- Proven ability to lead and execute advanced research on emerging cloud-based threats affecting both Microsoft and third-party security products across heterogeneous cloud environments.
- Demonstrated expertise in developing and refining detection and response strategies leveraging major SIEM platforms, with a strong emphasis on Microsoft Sentinel, to provide comprehensive threat coverage and response capabilities.
- Extensive hands-on experience with cloud platforms—including, but not limited to, Azure—as well as a deep understanding of multi-cloud security challenges and solutions.
- Strong practical experience identifying, analyzing, and mitigating real-world cyber threats in complex cloud environments.
- Proven ability to work independently and deliver complete solutions.
- Demonstrated capability to effectively articulate technical insights and influence multidisciplinary teams.
Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.
