You will investigate real‑world adversary behavior, uncover emerging attack techniques, and translate research insights into scalable detections and automated investigation workflows. This role sits at the intersection of hands‑on threat research, AI‑augmented investigation, and platform security, with a strong focus on Linux and macOS. You will help evolve security research from isolated expert analysis into systematized, automation‑backed discovery that drives consistent, high‑impact customer …
Responsibilities
Lead in‑depth investigations of real‑world attacker campaigns, malware, and post‑exploitation techniques across endpoint environments, with emphasis on Linux and macOS platforms. Decompose attack chains, map techniques to MITRE ATT&CK, and maintain high‑fidelity adversary and TTP dossiers that inform protection strategy. Identify emerging attack classes, tradecraft shifts, and detection gaps before they are widely exploited. Design and prototype behavior‑based detections, heuristics, and research‑grade signals that can be operationalized into production protections. Partner with engineering and applied ML teams to translate research findings into scalable, reliable detections with clear acceptance criteria and performance trade‑offs. Evaluate detection efficacy using offline and online telemetry and continuously refine based on real‑world attacker behavior. Contribute to the design of AI‑assisted and agentic investigation pipelines that automate repetitive analysis steps and amplify researcher productivity. Shape how attacker techniques, evidence, and hypotheses are represented in systems that enable campaign discovery and proactive hunting at scale. Ensure research outputs are structured, explainable, and safe for use in automated or semi‑automated workflows. Lead post‑incident analysis and root‑cause investigations, converting learnings into durable detection and tooling improvements. Work closely with security engineering, product management, and data science partners to influence roadmap priorities using evidence‑backed research insights. Contribute to internal knowledge‑sharing through technical write‑ups, reviews, and mentoring of junior researchers. Experience translating deep technical findings into clear, decision‑ready insights for engineering and leadership audiences. Experience mentoring or technically leading other researchers without formal people management responsibilities. Experience operationalizing research into production detections or large‑scale protection systems. Experience participating in or supporting external evaluations (e.
Original Posting
This role is sourced from Microsoft. Apply on Microsoft careers page