Senior Threat Graph Researcher
Microsoft
Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.
The Defender Experts (DEX) Research team is at the forefront of Microsoft’s threat protection strategy, combining world-class hunting expertise with AI-driven analytics to protect customers from advanced cyberattacks. Our mission is to move protection left—disrupting threats early, before damage occurs—by transforming raw signals into intelligence that powers detection, disruption, and customer trust. We’re looking for a passionate and curious Senior Threat Graph Researcher to join this high-impact team.
In this role, you will be responsible for designing, building, and analyzing large-scale threat graphs that model adversary behavior, infrastructure, and relationships across the cyber threat landscape. You will collaborate closely with researchers, analysts, and detection engineers at the intersection of graph theory, threat protection, and machine learning, helping to uncover hidden patterns, identify emerging threats, and drive proactive defense strategies to drive research on emerging cloud threats that impact both Microsoft and third-party products. Your research will directly contribute to the development of real-time protections for enterprises worldwide, ensuring comprehensive coverage across cloud platforms and strengthening the security posture of organizations leveraging a heterogeneous mix of technologies. This is a unique opportunity to work at scale, tackle complex cloud security challenges, and shape the evolution of threat research within Microsoft Security.
Responsibilities
We are seeking a Senior Threat Graph Researcher with a deep expertise in modeling, analyzing, and interpreting large-scale threat graphs to advance the frontiers of cloud security. The ideal candidate will possess hands-on experience architecting and deploying graph-based detection solutions, including designing graph schemas, implementing algorithms for malicious pattern discovery, and operationalizing analytics for multi-tenant environments. In this pivotal role, you will lead research on evolving adversary behaviors, innovate new methods for graph intelligence and automated threat disruption, and collaborate cross-functionally to enhance Microsoft Security’s ability to detect, attribute, and neutralize sophisticated attacks. Your work will be instrumental in shaping the next generation of threat graph technologies, empowering the security team to protect complex, heterogeneous cloud ecosystems with actionable insights.
Responsibilities include:
Design and maintain scalable threat graphs that model entities such as devices, identity, threat actors, TTPs, infrastructure, and campaigns.
Lead and execute advanced research to develop algorithms and heuristics to detect malicious patterns and relationships within graph data on emerging cloud-based threats impacting Microsoft and third-party security products across heterogeneous cloud environments.
Collaborate with threat protection researchers, data scientists, and detection engineers to enrich graph models with contextual insights and refine detection and response strategies, to provide comprehensive threat coverage and response capabilities.
Research and prototype novel graph-based techniques for threat detection, attribution, and prioritization in collaboration with internal and external security teams.
Translate complex raw security data into actionable graph intelligence that enhances the effectiveness of security operations for a global customer base.
Mentor, guide, and drive best practices among researchers and detection engineers on advanced graph-based threat hunting and incident response across diverse ecosystems.
Contribute to industry knowledge and Microsoft’s security posture by publishing research, developing threat graph models, and proactively identifying threats and attack trends in the cloud.
Qualifications
5+ years of experience in security research, detection engineering, threat lifecycle, cloud security in large-scale in complex cloud environments.
Strong understanding of graph theory, graph databases (e.g., Neo4j, TigerGraph), and graph analytics with proficiency in Python or similar languages for data analysis and prototyping.
Experience working with large-scale datasets, distributed systems and graph analytics projects.
Ability to translate complex threat data into graphs and actionable insights.
Experience with machine learning or statistical modelling applied to graph data.
Proven ability to lead and execute advanced research on emerging cloud-based threats affecting both Microsoft and third-party security products across heterogeneous cloud environments.
Knowledge of adversary infrastructure tracking, malware analysis, or campaign clustering.
Extensive hands-on experience with cloud platforms—including, but not limited to, Azure—as well as a deep understanding of multi-cloud security challenges and solutions.
Proven ability to work independently and deliver complete solutions and effectively articulate technical insights to influence multidisciplinary teams.
This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.