
Microsoft Corp

Senior Security Researcher

  • Posted 8 days ago

Job Description

Overview

Join a team that's pushing the frontier of modern security research by combining deep attacker-centric analysis with AI-augmented, agentic investigation systems. We're evolving security research beyond purely manual, expert-driven workflows, amplifying researcher intuition with automation that scales discovery, accelerates investigations, and raises consistency across the board.

You'll work on real-world threats end-to-end: dissecting novel attacker techniques, developing detections grounded in adversary behavior, and shaping automated investigation pipelines that turn raw telemetry into actionable insights. A key focus area is Linux and macOS security, where you'll help close long-standing visibility gaps and surface emerging attack patterns that traditional approaches miss.

Your research will directly power AI-driven campaign discovery and proactive threat hunting, enabling continuous monitoring for new attack classes and faster recognition of evolving adversary tradecraft. You'll collaborate closely with engineering, applied ML, and product partners to translate research findings into production-grade protections, ensuring that cutting-edge research rapidly becomes real customer impact.

If you're excited about doing deep technical research with outsized, at-scale impact, and shaping how the next generation of security investigations is conducted, this team offers a rare opportunity to influence both the art and the system of modern security research.

Responsibilities

  • As a Senior Security Researcher, you will lead deep, attacker-centric research that directly shapes Microsoft's endpoint protection strategy.
  • You will investigate real-world adversary behavior, uncover emerging attack techniques, and translate research insights into scalable detections and automated investigation workflows.
  • This role sits at the intersection of hands-on threat research, AI-augmented investigation, and platform security, with a strong focus on Linux and macOS.
  • You will help evolve security research from isolated expert analysis into systematized, automation-backed discovery that drives consistent, high-impact customer protection.
  • Lead in-depth investigations of real-world attacker campaigns, malware, and post-exploitation techniques across endpoint environments, with emphasis on Linux and macOS platforms.
  • Decompose attack chains, map techniques to MITRE ATT&CK, and maintain high-fidelity adversary and TTP dossiers that inform protection strategy.
  • Identify emerging attack classes, tradecraft shifts, and detection gaps before they are widely exploited.
  • Design and prototype behavior-based detections, heuristics, and research-grade signals that can be operationalized into production protections.
  • Partner with engineering and applied ML teams to translate research findings into scalable, reliable detections with clear acceptance criteria and performance trade-offs.
  • Evaluate detection efficacy using offline and online telemetry and continuously refine based on real-world attacker behavior.
  • Contribute to the design of AI-assisted and agentic investigation pipelines that automate repetitive analysis steps and amplify researcher productivity.
  • Shape how attacker techniques, evidence, and hypotheses are represented in systems that enable campaign discovery and proactive hunting at scale.
  • Ensure research outputs are structured, explainable, and safe for use in automated or semi-automated workflows.
  • Act as a senior escalation point for complex security incidents, providing expert guidance on attacker behavior, containment strategies, and long-term mitigation.
  • Lead post-incident analysis and root-cause investigations, converting learnings into durable detection and tooling improvements.
  • Work closely with security engineering, product management, and data science partners to influence roadmap priorities using evidence-backed research insights.
  • Represent security research perspectives in design reviews, detection cutlines, and protection readiness discussions.
  • Contribute to internal knowledge-sharing through technical write-ups, reviews, and mentoring of junior researchers.

Qualifications

  • 7+ years of hands-on experience in security research, threat analysis, malware analysis, or detection engineering, with demonstrated depth in endpoint security.
  • Strong understanding of attacker tradecraft, including persistence, privilege escalation, lateral movement, and defense evasion techniques.
  • Proven experience conducting research on Linux and/or macOS internals, endpoint telemetry, or OS-level attack surfaces.
  • Proficiency in at least one scripting or systems language (e.g., Python, C/C++, Go, Rust) used for analysis, tooling, or prototyping.
  • Demonstrated ability to independently drive ambiguous, open-ended investigations from hypothesis to actionable outcome.
  • Strong analytical skills for correlating noisy telemetry into attacker-relevant signals.
  • Experience translating deep technical findings into clear, decision-ready insights for engineering and leadership audiences.
  • Proven ability to collaborate effectively across research, engineering, and product teams.
  • Experience mentoring or technically leading other researchers without formal people management responsibilities.
  • High bar for research quality, operational security, and responsible handling of sensitive techniques and data.
  • Experience operationalizing research into production detections or large-scale protection systems.
  • Familiarity with AI-assisted analysis, automation, or agent-based systems in security workflows.
  • Prior contributions to security blogs, tools, open-source projects, or industry research publications.
  • Experience participating in or supporting external evaluations (e.g., MITRE ATT&CK, red team exercises).

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.


Job ID: 145027861
