Security Research (Detection Engineer)

Share job

Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate.

Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Are you passionate about cybersecurity and protecting customer data? Do you thrive on identifying threat actors, researching their tactics, techniques, and procedures (TTPs), and writing efficient detections for massive datasets? Are you excited by distributed computing, hybrid architectures, and cloud technologies? If so, the M65 Security Engineering team at Microsoft has an exciting opportunity for you. We are seeking a Security Researcher 2 (Detection Engineer) to develop advanced security detections that protect M365 services from cyberattacks.

Our team values diversity, deep collaboration, and technical excellence. We work across large-scale software systems, security analysis, and machine learning to analyze billions of events daily from M365 products and services (e.g., Exchange, Outlook) and build robust detections. Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

• 5–7 years of experience in security research and detection engineering.
• Proven experience handling large-scale datasets, including designing and optimizing detections that operate across billions of events and terabytes of telemetry.
• Hands-on programming experience in Python and/or Scala, with the ability to write scalable, maintainable code for detection logic and automation.
• Proficiency with tools such as SQL, KQL, Jupyter Notebook, and Power BI.
• Experience automating security tasks using scripts or logic apps.
• Familiarity with MITRE ATT&CK or similar frameworks to identify detection gaps.
• Hands-on experience with detection lifecycle, reverse-engineering attacks, and prototyping detections.
• Ability to analyze data flows in cloud environments (e.g., Azure AAD, Azure Resources, event logs, firewalls). Proven track record of building detections for new TTPs and validating their effectiveness.

Preferred Qualifications:

• Research and analyze emerging TTPs targeting M365 systems.emulate attacks in controlled environments.
• Design and implement advanced detections to identify malicious activities within massive, distributed datasets.
• Collaborate with other software engineers, ML specialists, and security analysts in the team to build scalable security solutions. Develop automation tools and processes to streamline detection development and triage workflows.
• Apply insights from penetration testing/security incidents to improve detection coverage and performance.
• Tune detections to optimize signal-to-noise ratio, reduce false positives, and improve triage efficiency.
• Maintain detection metric dashboards and KPIs to measure effectiveness and impact.
• Follow engineering best practices to build maintainable, reliable, and secure detection systems.