Senior Security Researcher - Microsoft Defender

ecurity represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.

Come and be part of a new and dynamic team, focusing on emerging threats against organizational -enterprise environments. There’s an opportunity joining a new team focusing on disrupting nation state and stealthy attacks, across all the Microsoft Defender’s stack products, this role is currently focusing one of the flagships of the Defender stack - Microsoft Defender for Endpoint. Join the elite team powering Microsoft Defender's most groundbreaking autonomous protection system: Automatic Attack Disruption. As cyber threats evolve in sophistication, our team leads the charge in detecting, investigating, and automatically disrupting stealthy attacks conducted by various threat groups – from nation states to sophisticated cyber criminals. We're looking for a passionate security researcher ready to make a real-world impact by protecting global enterprises from advanced and sophisticated attacks. As part of our Israeli research team, you'll hunt through diverse signals across on-premises, hybrid and cloud environments, uncovering advanced threats, research emerging attack techniques, design next-generation protection systems, and develop detection logic that ensures no compromise goes unnoticed. This is your chance to stay steps ahead of advanced adversaries while building autonomous defense capabilities that protect organizations worldwide. The job includes ideation to customer facing detection, researching novel attack techniques, hunting through our rich sensor data, identifying necessary optics for detecting malicious behaviour and crafting detection and protection logic to ensure compromise does not go undetected. Our team values diversity and strives to hire individuals with varied experiences and perspectives. We understand that no candidate possesses every desired skill and experience, but together, we form a strong, effective team. Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Responsibilities

• Conduct in-depth research for detection mechanisms to detect novel and front-line offensive tradecraft – from exploits to implants and End-to-end implementation from offensive PoC to wide-scale deployable detection PoC, necessary development on agent and cloud platforms.
• The current role would focus on Windows Internals low level detections as an opportunity to expand to other areas of interest for attackers.
• Proactively hunt through diverse signal sources across on-premises, hybrid, and cloud environments to uncover sophisticated threats and new techniques.
• Keep up to date with latest trends in cyber-attacks and create robust, sophisticated detection logics across the entire kill-chain.
• Design and implement innovative detection algorithms and automated disruption capabilities that can autonomously identify and neutralize threats across the entire kill-chain.
• Investigate, analyse, and expand MDE security, by exploring real incidents, developing durable protection strategies, and circumventing threats across the entire kill-chain
• Collaborate with multiple product teams to design sensors, implement protection ideas, and validate their effectiveness using a data-driven approach
• Be involved in customer conversations to identify opportunities, gaps, and concerns to improve product protection value
• Author technical blogs and present in security conferences that establish thought leadership of Microsoft Defender in the security community.
  
  

Qualifications

• 8+ years of hands-on experience in cybersecurity research, preferably in endpoint or network-based threat scenarios.
• Deep understanding of Windows OS internals including User & Kernel mode architecture.
• Proven experience in low-level development, preferably in C or C++ on Windows platforms.
• Familiarity with cloud environments (e.g., Azure, AWS) and understanding of security challenges in hybrid or multi-cloud infrastructures.
  
  

Preferred Qualifications

• Strong grasp of modern attacker techniques, including MITRE ATT&CK and full kill-chain methodologies.
• Demonstrated ability to lead end-to-end research efforts from offensive PoC to scalable detection deployment.
• Experience in threat hunting across diverse signal sources (on-prem, hybrid, and cloud).
• Coding proficiency in at least one of the following: C, C++, C#, Python, or Rust.
• Curious, analytical mindset with the ability to thrive in ambiguous and evolving threat landscapes.
• Excellent collaboration and communication skills, with experience working in cross-functional, global teams.
• Background in offensive security research or red teaming.
• Experience in reverse engineering (e.g., using debuggers, disassemblers, analyzing file formats).
• Hands-on knowledge of digital forensics, incident response, or threat intelligence.
• Prior contributions to the security community (e.g., blogs, conference talks, or whitepapers).
• Familiarity with macOS, Linux, or other operating systems at the low level.
  
  

Other Requirements

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check:

• This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter.
  
  

#MSFTSecurity #MSFTSecurity #SecurityResearch #AttackDisruption #MTPRIL

Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.