Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
Responsibilities
Conducting Research
- Leads efforts to clean, structure, enrich, and standardize data and data sources to prepare them for analysis. Leads data quality efforts to ensure timely and consistent access to data sources, ensuring proper protocols and privacy regulations are followed in cleaning efforts. Curates sources of data and partners to develop and sustain data access across teams. Incorporates new data sources consistent with corporate data privacy standard.
- Identifies and conducts research into critical security areas of Microsoft, supported, and/or competitor products vulnerable to exploitation, current or potential future attacks, adversary tracking, and/or academic literature. Researches, analyzes, and summarizes security threats and shares results across teams to incorporate into future research or as enhancements in alignment with security initiatives. Partners cross-functionally (e.g., across disciplines, teams, security versus non-security) to design solutions to prevent, detect, and/or disrupt attacks, including for integration in or addition to new/existing products or features. Leverages artificial intelligence (AI) workflows to understand research operations and how customers use Microsoft products and identifies opportunities for solutions to deliver protection. Creates security analysis plan that aligns product timelines, interdependencies, risks, and feature scopes.
- Analyzes complex issues using multiple data sources across the threat landscape to develop insights and identify security vulnerabilities and threats. Understands operational needs to ensure security solutions work within parameters. Identifies and recommends process improvements and adopts best practices. Recommends prioritization and validation methodologies for technical indicators to identify and track threat actors or attacker activity. Synthesizes data to generate trends, patterns and insights on technical indicators of threats. Develops or leverages tools (e.g., artificial intelligence) to optimize data analysis and processes.
Industry Leadership
- Uses subject matter expertise to identify potential security issues, tools, mitigations, and processes (e.g., architecture, failure modes, attack chain, threat modeling, vulnerabilities). Researches and maintains knowledge of industry trends, technologies, tools, securities, and advances. Contributes to internal and external community through publications, white papers, seminars, or conferences, shaping understanding of threat protection in real-world impact and storytelling. Develops deployment and security configuration standards to ensure technologies are deployed in a secure fashion.
Orchestration
- Leverages established procedures to ensure the integrity of tools, techniques, and information of security practices, building trust with and protecting customers. Assesses efficacy of operational security (e.g., red teaming and penetration testing) measures. Develops techniques to measure and improve operational security.
- Investigates, diagnoses, triages, and remediates Microsoft and/or customer security incidents, deepening trust through proactive customer connection and crisis and incident response. Conducts postmortem and root cause analyses for security incidents to identify trends, patterns, and issues, including protection gaps that need to be addressed. Creates repair items, tools, and/or systems to support incident management. Supports managing incidents with multiple bridges and leverages Incident Management System(s) to update stakeholders during and after incidents.
- Leads large-scale security reviews, including architectural and design reviews, and synthesizes findings in analysis reports. Implements best practices for security architecture, design, and development across feature areas and teams. Evaluates security risks and impact to the affected services and partners with others to remove blockers and mitigate risks. Monitors and responds to security events, potential vulnerabilities, exposures, and policy compliance issues, escalating as needed.
Solution Generation
- Solves classes of issues in technical implementation and automation of solutions related to specific kinds of security issues (e.g., security posture, signature-based detection, malware, threat analysis, reverse engineering, attack disruption, anomaly detection). Works across disciplines to identify and develop improvements in solutions and methods.
- Identifies, prioritizes, and addresses security issues, escalating as needed. Leads implementation of mitigations, responses, and remediations for security issues for a feature area. Proactively leverages established feedback channels to gather and synthesize input from customers and partners on security needs. Partners with internal and external stakeholders to translate feedback and proposes improvement to security practices and solutions. Contributes to the development of guidelines, models, and best practices to advocate for customer and partner security needs and deliver protection through security products (e.g., Microsoft Defender, Microsoft Sentinel).
Qualifications
Required Qualifications:
- Master's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection
- OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection
- OR equivalent experience.
Other Requirements:
Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include but are not limited to the following specialized security screenings:
Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
- Master's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection (enterprise experience)
- OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection (enterprise experience)
- OR equivalent experience.
This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.