As a principal-level security researcher on Microsoft’s Threat Protection Research Purple Team, you will design and execute advanced adversary simulations using both human-driven and AI-enabled methods to test the effectiveness of Microsoft Defender technologies. Your daily tasks include collaborating with engineering teams to enhance detection coverage and response strategies, analyzing telemetry data with Kusto/KQL to identify gaps in protection, and translating attacker tradecraft into actionable insights for defenders. You will also leverage MITRE ATT&CK frameworks to map adversary behavior and contribute to AI-driven automation of simulation workflows. This role requires expertise in threat intelligence, incident response, and SOC operations, along with advanced knowledge of cybersecurity tools like Defender and a strong background in large-scale computing and software development.
Skills
KQL
MITRE ATT&CK
Python
Azure
Kubernetes
Terraform
Docker
CI/CD
PostgreSQL
Prometheus
Grafana
Ansible
Git
Jenkins
Linux
Windows
AWS
Google Cloud Platform
JSON
YAML
REST APIs
What you'll do
Design and execute purple team simulations to emulate real-world threats using both human-driven and AI models.
Analyze detection coverage and response effectiveness by partnering with engineering and threat intelligence teams.
Use Kusto/KQL to validate detection logic, uncover gaps, and measure signal quality at scale.
Translate attacker tradecraft into actionable insights for defenders, including detection recommendations and investigation improvements.
Design and leverage agentic systems to automate simulation workflows and accelerate post-simulation analysis.
What we're looking for
8+ years of experience in incident response, threat hunting, and SOC operations.
Advanced knowledge of MITRE ATT&CK framework and threat modeling methodologies.
Experience with large-scale computing, software development lifecycle, and cybersecurity research.
Proficiency in analyzing telemetry using Kusto/KQL for detection validation and gap identification.
Security certifications such as GCIA, GMON, GCIH, or CISA.
Market check
Salary context
This
$142,800–$274,800
range sits above
67%
of similar postings on FindRole.
Peer median band
$119,900–$234,000
Median floor and ceiling across peers.
Typical midpoint (25–75%)
$154,287–$214,500
Middle half of comparable postings.
Based on 240 comparable postings.*
* 240 is the maximum number of comparable postings sampled.
Employer
About Microsoft
Microsoft Corporation is a global technology leader producing software, hardware, and cloud services including Windows, Office 365, Azure cloud platform, Xbox gaming, and Surface devices. Industry: Software & Cloud Computing
Microsoft currently has
451 open roles
on FindRole.
Listed pay typically runs
$119,800–$234,700
across 417 roles with salary data.