Expoint - all jobs in one place

Microsoft Principal Security Researcher 
United States, Washington 
410668106

24.12.2024

Required/Minimum Qualifications:

  • 7+ years experience in software development lifecycle, cloud security, large-scale computing, modeling, cybersecurity, and/or anomaly detection
    • OR Doctorate in Statistics, Mathematics, Computer Science or related field
  • 5+ years of experience with security subject matter knowledge; capable of understanding the technical details of Root-Cause Analysis and antipatterns, with a researcher's ability to dive into the technical differences and properties of Root-Cause Analysis and antipatterns.
  • Working knowledge of cloud service development, static analysis, and CI/CD.
  • Understanding of security attack techniques used in real-world scenarios, spanning both large-scale and targeted attacks.
  • Experience working with published research and the ability to collaborate across the research community.
  • Proficiency in C# / Python / PowerShell development.

Other Requirements:

Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Additional or Preferred Qualifications

  • 8+ years experience in software development lifecycle, cloud security, large-scale computing, modeling, cybersecurity, and/or anomaly detection.
    • OR Doctorate in Statistics, Mathematics, Computer Science or related field.
  • A good understanding of graph relational databases.
  • Responsible for optimizing the runtime of the distributed system and the query engine to achieve ambitious performance goals right from the entry point of the cloud to the lowest layer in the architecture and everything in between.
  • Experience leveraging the standard authorization engine of the cloud for secure access control across the system while not compromising on performant corpus query-ability at scale.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:

Responsibilities
  • Investigate, analyze, and expand upon security research and real incidents to develop durable detection strategies across the entire kill-chain
  • Collaborate with multiple product teams to design sensors, implement detection ideas, and validate their effectiveness using a data-driven approach
  • Collaborate with data science teams to understand and identify detection gaps, capabilities, assumptions, and improvements
  • Be involved in customer conversations in order to identify opportunities, gaps and concerns
  • Responsible for the technical design and vision for building the necessary underlying systems to enable query-ability on the massively large, connected graph cloud inventory to serve billions of resources per day to the callers.
  • Work directly on security reviews, formidable & complex automation and remediation workflows across multiple antipatterns.
  • Engineer mitigations for subcategories of Root-Cause Analysis (RCA) and antipatterns that we observe based on trends.
  • Deliver shift-left mitigations that are designed to eliminate/prevent subcategories of Root-Cause Analysis and antipatterns.
  • Identify patterns of failure and Root-Cause Analysis through Machine Learning / Artificial Intelligence prediction for components
  • Understand the most important subcategories of Root-Cause Analysis and antipatterns observed through ongoing trend analysis.
  • Identifying the “top” Root-Cause Analysis and antipattern categories based on trends.
  • Identifying representative subcategories for Root-Cause Analysis and antipatterns for which mitigation Research & Development should be pursued.
  • Measuring the impact of mitigations that have been implemented in terms of trend data.
  • Analyzing Root-Cause Analysis and antipattern trends that are being observed from incidents, red team ops, and internal/external vulnerability reports.
  • Collaborate with other researchers, coordinators, and developers to improve the protection capabilities of the products; research, design, and develop shift-left mitigations for subcategories of Root-Cause Analysis and antipatterns, such as in the form of static analysis rules, dynamic analysis rules, platform changes, and so on.