
Microsoft Senior Security Researcher - Microsoft Defender 
Taiwan, Taoyuan City 
685739104

Qualifications
  • 8+ years of hands-on experience in cybersecurity research, preferably in endpoint or network-based threat scenarios.
  • Deep understanding of Windows OS internals, including user- and kernel-mode architecture.
  • Proven experience in low-level development, preferably in C or C++ on Windows platforms.
  • Familiarity with cloud environments (e.g., Azure, AWS) and understanding of security challenges in hybrid or multi-cloud infrastructures.
  • Strong grasp of modern attacker techniques, including MITRE ATT&CK and full kill-chain methodologies.
  • Demonstrated ability to lead end-to-end research efforts from offensive PoC to scalable detection deployment.
  • Experience in threat hunting across diverse signal sources (on-prem, hybrid, and cloud).
  • Coding proficiency in at least one of the following: C, C++, C#, Python, or Rust.
  • Curious, analytical mindset with the ability to thrive in ambiguous and evolving threat landscapes.
  • Excellent collaboration and communication skills, with experience working in cross-functional, global teams.
Preferred Qualifications
  • Background in offensive security research or red teaming.
  • Experience in reverse engineering (e.g., using debuggers, disassemblers, analyzing file formats).
  • Hands-on knowledge of digital forensics, incident response, or threat intelligence.
  • Prior contributions to the security community (e.g., blogs, conference talks, or whitepapers).
  • Familiarity with macOS, Linux, or other operating systems at the low level.

Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screening: Microsoft Cloud Background Check:
- This position will be required to pass the Microsoft background check and the Microsoft Cloud background check upon hire/transfer and every two years thereafter.


Responsibilities
  • Conduct in-depth research to develop detection mechanisms for novel and advanced offensive techniques, from exploits to implants.
  • Lead end-to-end implementation efforts: from offensive proof-of-concept (PoC) to scalable, deployable detection logic across agent and cloud platforms.
  • Focus on low-level Windows-internals-based detections, with the opportunity to expand into additional high-impact attacker surfaces.
  • Proactively hunt across diverse signal sources, including on-premises, hybrid, and cloud environments, to uncover stealthy threats and emerging attack techniques.
  • Stay current with the latest cyberattack trends and design robust, sophisticated detection logic across the full attacker kill chain.
  • Build and implement innovative automated disruption capabilities that autonomously detect and mitigate attacks in real time.
  • Investigate real-world incidents to improve protection strategies and enhance the Microsoft Defender for Endpoint (MDE) product.
  • Collaborate with engineering and product teams to design security sensors, validate protection ideas, and measure effectiveness using data-driven approaches.
  • Engage with customers to identify product gaps, share insights, and enhance protection coverage based on real-world needs.
  • Contribute to the broader security community by authoring technical blogs, sharing research findings, and presenting at leading security conferences.