Microsoft Principal Security Researcher
Taiwan, Taoyuan City
645203861

The Extended Detection and Response (XDR) and Security Information and Event Management (SIEM) research team enables global security teams to detect and respond to cyber threats efficiently. By leveraging expert knowledge of the technologies that threats exploit, an attacker mindset, and adapting to a dynamic landscape, we tackle highly sophisticated threats spanning both cloud and hybrid (cloud + on-prem) attacks.

Your expertise in adversary tradecraft, detection engineering, and large-scale threat modeling will be instrumental in advancing defense strategies that proactively identify and disrupt sophisticated attack campaigns.

Qualifications - Required:

  • 7+ years of computer security industry experience with knowledge of adversary tradecraft, security operations, incident response, threat hunting, and emerging threats and attack techniques against modern enterprise environments.
  • 3+ years of experience researching, prototyping, and driving engineering requirements for threat protection systems.
  • 2+ years of experience hunting for and investigating security incidents at scale with one or more of the following: Azure Synapse, Elasticsearch, BigQuery, SQL, Cosmos, Kusto, or similar systems.

Other Requirements:

  • Experience coding in languages such as C#, Python and/or PowerShell, and with language-independent data formats such as JSON/YAML/XML.
  • Demonstrated experience in conducting data studies, including the ability to work with available telemetry and drive improvements with engineering teams for previously unexplored data sources.
  • Experience using graph technologies and query languages, such as Neo4j Cypher or Apache TinkerPop Gremlin, to find security insights.
  • Demonstrated experience in research and delivery of security features to general availability.
  • Experience applying MITRE ATT&CK to assess gaps in threat scenarios and protection coverage across both cloud and hybrid (cloud + on-prem) attacks.
  • Experience with endpoint, identity, cloud application, cloud infrastructure, email, network and/or other threat detection, and prevention technologies.
  • Experience with SOC workflows including threat hunting, detection, response, and threat intelligence.
  • Strong cross-group and interpersonal skills, with the ability to articulate the business need for product improvements, and a desire to engage directly with customers.
  • Experience with one or more of the following: Azure Functions, Azure Static Web Apps, Azure Containers, Azure DevOps pipelines, GitHub Actions, GitHub Codespaces, and Jupyter Notebooks.

Responsibilities:
  • Develop and implement Security Research Strategies. Formulate and execute advanced security research initiatives aimed at enhancing the defensive capabilities of large-scale, multi-tenant environments.
  • Analyze data from various security domains, including threat intelligence, email, identity, endpoint, network, and cloud sources, to identify and mitigate sophisticated threats.
  • Collaborate closely with partner engineering, product management, and threat intelligence teams to push the boundaries of at-scale threat protection innovation.
  • Design and develop new detection capabilities informed by threat intelligence research to proactively counteract emerging threats.