Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. The Detection Engineering (DE) team in the CISO organization at Microsoft advances Microsoft's cyber defense capabilities through a strategic, proactive and holistic detection engineering approach. DE is committed to delivering effective and scalable detection solutions that enhance Microsoft's security posture and maintain a secure environment for Microsoft and our customers. The DE team is seeking an experienced, motivated and self-driven Principal Security Researcher to join a growing team of detection engineers, data scientists and automation engineers. In this role, you will be the link between the detection engineers and data scientists in DE and Microsoft threat intelligence analysts and incident responders. You will work at the intersection of threat analysis and data science, identifying emerging threats and analyzing attack techniques to create a dynamic portfolio of high-fidelity detections optimized for top-priority threats. You will use your expertise in both worlds to create a productive collaborative environment to prioritize, design, implement and validate detections across the Microsoft estate. Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day. **Responsibilities** - Analyze incident and threat intelligence data to extract common TTPs and attack patterns across adversary groups - Work cross-organizationally with partner detection teams, red teams, incident response teams, and the Microsoft Threat Intelligence Center (MSTIC) to identify top priority threats, prioritize detection development and ensure comprehensive coverage across the Microsoft estate - Work with our team of data scientists to create high fidelity detections that disrupt threat actors at the top of the Pyramid of Pain - Increase the scalability, efficiency, and accuracy of detections using the latest innovations in data science and AI - Be a thought leader to drive the strategy of detection engineering at Microsoft and mature our detection capabilities - Produce clear documentation and briefings for audiences from various organizations and levels of seniority. + Embody our culture and values **Qualifications** **Requirement Qualification:** + Doctorate in relevant field AND 3+ years relatedreasearchexperience + OR equivalent experience. + BSc. or M.Sc. in Computer Science, Information Technology, Cybersecurity, or a related field + 3+ years in cybersecurity, with deep experience in 1 or more of: detection engineering, hunting, incident response and threat research. + 3+ years of experience in the security threat landscape, with experience in the modern attacker kill chain, MITRE ATT&CK, and similar frameworks and how to use them to identify and close gaps in detection capabilities + 3+ years of experience with SIEM/EDR platforms (Microsoft Sentinel, Defender suite). + Experience in cloud environments, and hybrid cloud enterprise services + Experience collaborating and establishing strong cross-team partnerships to bolster information sharing and coordinate strategies. **Preferred Qualifications:** + 3+ years in data analytics or data science + 3+ years authoring, deploying and tuning detections + 3+ years in technical leadership positions + Strong understanding of intrusion detection systems, endpoint security solutions, Azure and how they intersect with security workflows. + Strong verbal and written communication skills, including the ability to create clear documentation and strategy papers and deliver effective presentations. Research Sciences IC5 - The typical base pay range for this role across the U.S. is USD $139,900 - $274,800 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $188,000 - $304,200 per year. Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay Microsoft will accept applications for the role until June 27, 2025. \#CISOOrg #GUARD #Detections #Cybersecurity Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations (https://careers.microsoft.com/v2/global/en/accessibility.html) .