We are Cloud Threat protection Research team within Microsoft Threat Protection, working at the heart of how Microsoft protects cloud and AI workloads at global scale. Our research directly informs and powers protections in Microsoft Defender, where we study real attacker behaviour, analyse production incidents, and design defences that protect some of the world’s largest enterprises, governments, and critical infrastructure. The problems we work on are current, complex, and high‑impact—rooted in how modern cloud platforms are actually attacked and defended.

Our culture is trust‑based and impact‑driven. Researchers on the team have meaningful ownership over their work, the freedom to challenge assumptions, and close collaboration with product and engineering partners to ensure ideas translate into protections that ship and scale. The team brings together globally recognized cloud security researchers and AI experts—highly skilled, passionate professionals committed to continuous innovation and customer protection in an ever‑evolving threat landscape.

We value technical depth, clarity of thinking, and customer empathy, and we actively support growth through mentorship, technical leadership, patents, publications, and cross‑team and geo collaborations. If you’re motivated by solving hard security problems, seeing your work make a real difference in production systems, and growing alongside strong peers, this is a team where you can do the best work of your career.

• Research real‑world hybrid threats across cloud services, end point, identity and AI systems
• Analyze live attacker behavior and production incidents to build high‑signal detections
• Design multi‑cloud and enterprise protections that ship in Microsoft Defender
• Collaborate closely with product, engineering, and global research teams to turn ideas into impact
• Partner with strong in‑house AI teams to advance AI security, detection quality, and explainability
• Build innovative tools, automation, and research prototypes at global scale
• Operate in a high‑trust, ownership‑driven team culture that values technical depth and innovation

• 7+ years of experience in cybersecurity, with strong hands-on understanding of the modern attacker kill chain, MITRE ATT&CK framework, and evolving cloud-based threats, including attacks targeting Enterprise Apps, and emerging AI-driven applications.
• Proven experience securing cloud and containerized environments, with hands‑on knowledge of Azure, AWS, and/or GCP, and technologies such as Kubernetes, container platforms, Storage, Key Vault, DNS and cloud services .
• Deep knowledge of adversary tooling, red team frameworks, and attacker techniques, with the ability to analyze, simulate, and interpret real-world attacker behaviors across cloud ecosystems.
• Proficiency in at least one programming language (e.g., Python, C, or C++) for building research prototypes, internal tools, automation, or detection logic.
• Strong proficiency in query languages such as KQL, SQL, or Cypher for large-scale telemetry analysis, threat hunting, behavioral investigations, and detection validation.
• Experience working with large-scale datasets to support detection development, proactive threat hunting, behavioral analytics, and signal quality improvement.
• Strong collaboration and communication skills, with the ability to clearly articulate research insights, influence product and engineering decisions, and work effectively with partner teams, including Engineering, Data Science, and incident response stakeholders.
• Bachelor’s or Master’s degree in Computer Science, Engineering, or a related technical discipline, or equivalent practical experience in security research or threat detection.

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.