Expoint – all jobs in one place

Microsoft Senior Security Researcher - Microsoft Defender
Taiwan, Taoyuan City
713625873

17.07.2025
Qualifications
  • 8+ years of hands-on experience in cybersecurity research, preferably in endpoint or network-based threat scenarios.
  • Deep understanding of Windows OS internals including User & Kernel mode architecture.
  • Proven experience in low-level development, preferably in C or C++ on Windows platforms.
  • Familiarity with cloud environments (e.g., Azure, AWS) and understanding of security challenges in hybrid or multi-cloud infrastructures.
Preferred Qualifications
  • Strong grasp of modern attacker techniques, including MITRE ATT&CK and full kill-chain methodologies.
  • Demonstrated ability to lead end-to-end research efforts from offensive PoC to scalable detection deployment.
  • Experience in threat hunting across diverse signal sources (on-prem, hybrid, and cloud).
  • Coding proficiency in at least one of the following: C, C++, C#, Python, or Rust.
  • Curious, analytical mindset with the ability to thrive in ambiguous and evolving threat landscapes.
  • Excellent collaboration and communication skills, with experience working in cross-functional, global teams.
  • Background in offensive security research or red teaming.
  • Experience in reverse engineering (e.g., using debuggers, disassemblers, analyzing file formats).
  • Hands-on knowledge of digital forensics, incident response, or threat intelligence.
  • Prior contributions to the security community (e.g., blogs, conference talks, or whitepapers).
  • Familiarity with macOS, Linux, or other operating systems at the low level.


Other Requirements: The ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screening: Microsoft Cloud Background Check:
- This position will be required to pass the Microsoft background check and the Microsoft Cloud background check upon hire/transfer and every two years thereafter.


Responsibilities

  • Conduct in-depth research into detection mechanisms that detect novel and front-line offensive tradecraft, from exploits to implants, including end-to-end implementation from offensive PoC to wide-scale deployable detection PoC and the necessary development on agent and cloud platforms.
  • The current role focuses on low-level Windows Internals detections, with the opportunity to expand into other areas of interest to attackers.
  • Proactively hunt through diverse signal sources across on-premises, hybrid, and cloud environments to uncover sophisticated threats and new techniques.
  • Keep up to date with the latest trends in cyber-attacks and create robust, sophisticated detection logic across the entire kill-chain.
  • Design and implement innovative detection algorithms and automated disruption capabilities that can autonomously identify and neutralize threats across the entire kill-chain.
  • Investigate, analyse, and expand MDE security by exploring real incidents, developing durable protection strategies, and circumventing threats across the entire kill-chain.
  • Collaborate with multiple product teams to design sensors, implement protection ideas, and validate their effectiveness using a data-driven approach.
  • Be involved in customer conversations to identify opportunities, gaps, and concerns in order to improve product protection value.
  • Author technical blogs and present at security conferences to establish the thought leadership of Microsoft Defender in the security community.