Principal Security Research - Microsoft Security

Microsoft

Illinois, USA

Posted on Jul 1, 2026
Overview

Microsoft Security aspires to make the world a safer place for all. We empower every user, customer, and developer with a security cloud that protects them with end-to-end, simplified solutions across heterogeneous environments — and across our own internal estate. Our culture is centered on a growth mindset, inspiring excellence, and bringing our best each day to create innovations that impact billions of lives.

Come build one of Microsoft's most exciting security products: Identity Threat Detection and Response (ITDR). As cyber-attacks grow more sophisticated, we help enterprises detect, investigate, and autonomously protect against advanced identity-based attacks and data breaches — from nation-state actors to large-scale ransomware operators. Our research team combines deep knowledge of the attacker landscape and tradecraft to deliver the innovations needed to uncover and stop even the most well-funded adversaries.

We are seeking a Principal Security Researcher to set the technical direction for a critical area of our identity protection charter, drive multi-quarter research agendas end-to-end, and raise the bar of the team through mentorship and influence. You will partner with engineering, PM, data science, and other research teams across Microsoft to shape strategy, and you will represent our research externally through publications, talks, and industry engagement. We expect our Principal researchers to fluently leverage Generative AI and to actively shape how the team applies it — turning AI assistance into a durable force multiplier across investigation, detection authoring, and customer protection at Microsoft scale.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.



Responsibilities

  • Set the technical direction for a major area of our identity protection research charter, owning the multi-quarter strategy from threat landscape framing to shipped detection and measurable customer protection impact.
  • Drive multiple concurrent end-to-end research initiatives, breaking ambiguous problems into tractable workstreams and unblocking the team on the hardest technical questions.
  • Lead deep investigation and research of data across identity and adjacent sources to surface novel threats, attacker tradecraft, and detection opportunities others miss.
  • Stay ahead of the evolving attacker landscape and design robust, sophisticated detection logic across the entire kill-chain, raising the bar on quality, coverage, and resilience to attacker evasion.
  • Influence across organizational boundaries — partner with product management, engineering, data science, and peer research teams to shape product strategy, define new identity protection capabilities, and align roadmaps on a data-driven foundation.
  • Mentor and grow other researchers, elevating the technical bar of the team through code/design review, research coaching, and apprenticeship on complex investigations.
  • Shape how the team and discipline leverage Generative AI — define patterns, evaluate tools, and build durable AI-assisted workflows that scale research throughput across data triage, hypothesis generation, code and KQL authoring, and detection synthesis.
  • Represent Microsoft Security externally through high-quality research publications, conference talks, blog posts, and engagement with the broader security research community.


Qualifications
  • You have 10+ years of cyber security experience, including 4+ years working hands-on with identity-based attacks (research, hunting, or detection engineering) on top of the modern attacker kill-chain and MITRE ATT&CK.
  • You have a passion for defensive work (hunting, investigation, detection authoring, and protection enforcement design), with a track record of owning research end-to-end, from threat hypothesis to shipped detection and customer impact.
  • You have Windows internals knowledge, along with working knowledge of the main identity protocols (e.g., Kerberos, NTLM, LDAP, OAuth 2.0, SAML).
  • You have demonstrated fluency leveraging Generative AI tools (e.g., GitHub Copilot, Security Copilot, ChatGPT/Claude) to multiply daily research output, including prompt design, model-output validation, and integrating AI assistance into investigation, coding, and detection authoring.

Preferred Qualifications:

  • B.Sc./M.Sc. in Computer Science or related technical discipline.
  • Good knowledge of at least one programming language such as C# (preferred), Python, or C++, and at least one query language such as KQL, SQL, or Cypher.
  • Experience with Windows and/or Cloud forensics — key artifacts around credential theft and lateral movement across on-prem and hybrid identity environments.
  • Experience authoring security research (papers, blogs, conference talks such as BlueHat / Black Hat / DEF CON, or CVEs).
  • Experience building or applying AI/LLM-assisted workflows for security research, detection engineering, or threat intelligence at scale.
  • Established external thought leadership in the security research community — e.g., authored research papers, conference talks (Black Hat, DEF CON, USENIX, RSA, BlueHat, or equivalent), high-impact blogs, CVEs, or open-source contributions.
  • Excellent cross-group, leadership, and interpersonal skills, with the ability to influence without authority.



This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.




Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.