Security Research

Hyderabad, Telangana, India

Date posted

Sep 10, 2025

Job number

Work site

3 days / week in-office

Travel

0-25%

Role type

Individual Contributor

Profession

Security Engineering

Discipline

Security Research

Employment type

Full-Time

Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft's mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers' heterogeneous environments, as well as ensuring the security of our own internal estate.

Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Are you passionate about cybersecurity and protecting customer data? Do you thrive on identifying threat actors, researching their tactics, techniques, and procedures (TTPs), and writing efficient detections for massive datasets? Are you excited by distributed computing, hybrid architectures, and cloud technologies? If so, the M65 Security Engineering team at Microsoft has an exciting opportunity for you. We are seeking a Security Researcher 2 (Detection Engineer) to develop advanced security detections that protect M365 services from cyberattacks.

Our team values diversity, deep collaboration, and technical excellence. We work across large-scale software systems, security analysis, and machine learning to analyze billions of events daily from M365 products and services (e.g., Exchange, Outlook) and build robust detections. Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

• 5–7 years of experience in security research and detection engineering.
• Proven experience handling large-scale datasets, including designing and optimizing detections that operate across billions of events and terabytes of telemetry.
• Hands-on programming experience in Python and/or Scala, with the ability to write scalable, maintainable code for detection logic and automation.
• Proficiency with tools such as SQL, KQL, Jupyter Notebook, and Power BI.
• Experience automating security tasks using scripts or logic apps.
• Familiarity with MITRE ATT&CK or similar frameworks to identify detection gaps.
• Hands-on experience with detection lifecycle, reverse-engineering attacks, and prototyping detections.
• Ability to analyze data flows in cloud environments (e.g., Azure AAD, Azure Resources, event logs, firewalls). Proven track record of building detections for new TTPs and validating their effectiveness.

Preferred Qualifications:

• Bachelor's degree in related discipline such as computer security, computer science, computer engineering or information technology.
• Deep understanding of adversary and cyber intel frameworks such as kill-chain model, ATT&CK framework, Diamond Model and Advanced Persistent Threat (APT) performing Detection and research within Cloud environments.
• Deep and practical OS security/internals knowledge for Linux and Windows Hands-on experience building Azure-based services with Azure Resource Manager (ARM), ARM templates, ARM policy, IaaS, VMSS, KeyVault, EventHub, Azure Active Directory (AAD), etc.
• Hands-on experience with developer environment tools like Continuous Integration/Continuous Delivery (CI/CD), Azure DevOps, GitHub, and Agile Scrum Ability to work effectively in ambiguous situations and respond favourably to change.
• Self-motivated and comfortable working in a startup mode on a new team where there is lots of opportunity. Certifications like GCIA, GSLC, GCIH, CISM, CISSP, CEH, etc. are plus.

• Research and analyze emerging TTPs targeting M365 systems.emulate attacks in controlled environments.
• Design and implement advanced detections to identify malicious activities within massive, distributed datasets.
• Collaborate with other software engineers, ML specialists, and security analysts in the team to build scalable security solutions. Develop automation tools and processes to streamline detection development and triage workflows.
• insights from penetration testing/security incidents to improve detection coverage and performance.
• Tune detections to optimize signal-to-noise ratio, reduce false positives, and improve triage efficiency.
• Maintain detection metric dashboards and KPIs to measure effectiveness and impact.
• Follow engineering best practices to build maintainable, reliable, and secure detection systems.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.



Industry leading healthcare



Educational resources



Discounts on products and services



Savings and investments



Maternity and paternity leave



Generous time away



Giving programs



Opportunities to network and connect

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.