Security Researcher

2 weeks ago


Hyderabad, Telangana, India Microsoft Full time

Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft's mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers' heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.

If you are passionate about offensive security, adversary tradecraft, and designing real-world attack simulations, the M365 Security Engineering team at Microsoft offers a unique opportunity to emulate advanced threats and strengthen defenses that protect millions of customers worldwide.

Our Assume Breach team focuses on detecting and replicating sophisticated adversary tactics, techniques, and procedures (TTPs) used against Microsoft's cloud services, platforms, and enterprise environments. We value creativity, technical depth, and collaboration, bringing together specialists in detection engineering, adversary emulation, threat intelligence, and incident response. You will join a team dedicated to catching adversaries by simulating nation-state and cybercriminal behaviors, developing custom tooling, and running purple team engagements that drive measurable security improvements and ensure our detections remain effective against evolving threats.

As part of this team, you will design attack simulations that are realistic, repeatable, and reflective of the latest adversary tradecraft. You will work closely with Detection Engineers, Data Scientists, and Incident Responders to validate detection coverage, uncover blind spots, and continuously raise the bar for detection and response. Leveraging massive-scale telemetry across Microsoft 365 and Azure, you will plan and execute adversary emulation campaigns, build Python-based automation and payloads, and operationalize new TTPs, directly influencing Microsoft's ability to defend against the world's most advanced attackers.

Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees, we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

Responsibilities

- Plan, design, and execute adversary emulation campaigns aligned with MITRE ATT&CK and current threat intelligence.
- Develop custom scripts, payloads, and automation frameworks, primarily in Python, with PowerShell, C, or Go as needed, to simulate advanced attacker techniques.
- Extend and maintain adversary emulation toolkits and C2 frameworks.
- Collaborate with detection engineers and data scientists to validate detection efficacy, identify blind spots, and improve detection coverage against TTPs.
- Automate repeatable attack scenarios, data collection, and reporting for scale and consistency.
- Participate in purple team exercises to accelerate detection and response maturity across the M365 ecosystem.
- Document attack scenarios, technical findings, and mitigation recommendations to drive systemic improvements.

Qualifications

- 5 years of experience in red teaming, adversary emulation, offensive security research, or penetration testing.
- Strong Python development skills for building custom tools, automation, and attack simulations.
- Proficiency in at least one additional language (e.g., PowerShell, Go, or C).
- Solid understanding of attacker tradecraft, including persistence, privilege escalation, lateral movement, and defense evasion.
- Experience with red team/adversary simulation frameworks (Cobalt Strike, Caldera, or similar).
- Deep knowledge of Windows internals, Active Directory, and enterprise cloud environments (Azure or equivalent).

Preferred Qualifications

- Experience building automation pipelines for adversary simulation and reporting.
- Familiarity with Exploit Development.
- Familiarity with endpoint detection and response (EDR) products and detection engineering.
- Experience in cloud-scale environments (Office 365, Azure, AWS, or GCP).
- Reverse engineering or malware development experience.
- Strong written and verbal communication skills for documenting and explaining technical findings.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the



  • Hyderabad, Telangana, India Microsoft Full time

    Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified...

  • Security Researcher

    4 days ago


    Hyderabad, India Microsoft Full time

    **Responsibilities**: The main responsibilities include but are not limited to: - Conduct research that yields new insights, theories, analysis, data, algorithms, and prototypes that advance the state of the art of malware protection. - Investigate, analyze and learn from security researchers, attackers and real incidents in order to develop durable detection...


  • Hyderabad, India swiftsafe Full time

    **Location**: Remote, INDIA **Type**: Paid Internship (Based on Performance) **Job Title**: Security Researcher Intern We are seeking a talented Security Researcher Intern to join our cybersecurity team. As a Security Researcher Intern, you will work closely with our experienced cybersecurity professionals to conduct research on emerging security threats...


  • Hyderabad, India Microsoft Full time

    Empower every person and organization on the planet to achieve more. That’s what inspires us, drives our work, and pushes us to challenge the status quo every day. Security is a top priority for Microsoft because it is a top concern for our customers. Microsoft’s security team has invested deeply to build strong security capabilities across Microsoft...


  • Hyderabad, Telangana, India Microsoft Full time

    **Principal Threat Researcher**: Hyderabad, Telangana, India + 1 more location Date posted **Jul 04, 2025** - Job number **1843330** - Work site **Up to 50% work from home** - Travel **0-25%** - Role type **Individual Contributor** - Profession **Security Engineering** - Discipline **Security Research** - Employment...


  • Hyderabad, Telangana, India Microsoft Full time

    Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified...

  • Security Researcher

    1 week ago


    Hyderabad, India Loginsoft Full time

    **Job Type**: Full-Time **Experience Level**: 2+ years - Should have experience in Application security, Secure code review and Vulnerability assessment - Should have working knowledge in Programming/Scripting (Java, Nodejs & Python) - Good with common security vulnerabilities and the ability to judge their severity and impact to the business - Good skills...


  • Hyderabad, Telangana, India Microsoft Full time

    Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified...

  • Security Researcher

    1 week ago


    Hyderabad, India Microsoft Full time

    We are the Security, Compliance and Management (S+C+M) team; we are committed to defending Microsoft customers from cyber-attacks as well as providing sophisticated tooling for securing important data. S+C fosters an agile development environment, continuously gathering and analyzing data to combat evolving threats. Our mission is to help protect customers...


  • Hyderabad, Telangana, India Fedex AMEA Full time

    Responsible for ensuring consistent enterprise security, collaborating to fortify security infrastructure, reviewing security policy changes, developing and implementing solutions to mitigate risks, leading incident response, managing technical documentation, researching security threats, and proactively monitoring security infrastructure. 1. Ensure...