Responsibilities
- Conduct in-depth research to develop detection mechanisms for novel and advanced offensive tradecraft, including exploits and implants, from proof-of-concept to deployment on agent and cloud platforms.
- Focus on low-level detections grounded in Windows internals, with potential expansion to other attack areas.
- Proactively hunt for threats across on-premises, hybrid, and cloud environments to identify sophisticated attack techniques.
- Stay updated on the latest cyber-attack trends and develop robust detection logic covering the entire kill-chain.
- Design and implement innovative detection algorithms and automated response capabilities to identify and neutralize threats autonomously.
- Investigate real incidents to enhance Microsoft Defender security, develop protection strategies, and counter emerging threats.
- Collaborate with product teams to design sensors, implement protection measures, and validate their effectiveness using data-driven methods.
- Engage with customers to identify protection gaps and opportunities for product improvement.
- Author technical blogs and present at security conferences to establish thought leadership in the security community.
Qualifications
- 8+ years of hands-on cybersecurity research experience, especially in endpoint or network threat scenarios.
- Deep understanding of Windows OS internals, including user-mode and kernel-mode architecture.
- Proven experience in low-level development in C or C++ on Windows platforms.
- Familiarity with cloud environments (Azure, AWS) and security challenges in hybrid/multi-cloud setups.
- Strong knowledge of modern attacker techniques, including MITRE ATT&CK and kill-chain methodologies.
- Experience leading end-to-end research from offensive proof-of-concept to scalable detection deployment.
- Proficiency in coding in C, C++, C#, Python, or Rust.
- Curious, analytical mindset capable of thriving in evolving threat landscapes.
- Excellent collaboration and communication skills for working with cross-functional, global teams.
- Background in offensive security research or red teaming.
- Experience in reverse engineering, digital forensics, incident response, or threat intelligence.
- Contributions to the security community through blogs, talks, or whitepapers.
- Familiarity with other OSes like macOS and Linux at a low level.
Other Requirements
Ability to pass Microsoft, customer, and government security screenings, including the Microsoft Cloud Background Check, which is required upon hire and every two years thereafter.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration without regard to legally protected characteristics. For accommodation requests due to disability, contact the provided support channels.