Principal Security Researcher | Microsoft Careers

Microsoft

Actively hiring Posted this week
US Posted 2 days ago $142,800–$274,800 / year

At a glance

AI generated

TL;DR

As a principal-level security researcher on Microsoft's Threat Protection Research Purple Team, you will design and execute advanced adversary simulations using both human-driven and AI-enabled methods to test the effectiveness of Microsoft Defender technologies. Your daily tasks include collaborating with engineering teams to improve detection coverage and response strategies, analyzing telemetry with Kusto/KQL to identify gaps in protection, and translating attacker tradecraft into actionable insights for defenders. You will also use the MITRE ATT&CK framework to map adversary behavior and contribute to AI-driven automation of simulation workflows. The role requires expertise in threat intelligence, incident response, and SOC operations, advanced knowledge of security tooling such as Microsoft Defender, and a strong background in large-scale computing and software development.

Skills

KQL, MITRE ATT&CK, Python, Azure, Kubernetes, Terraform, Docker, CI/CD, PostgreSQL, Prometheus, Grafana, Ansible, Git, Jenkins, Linux, Windows, AWS, Google Cloud Platform, JSON, YAML, REST APIs

What you'll do

  • Design and execute purple team simulations to emulate real-world threats using both human-driven and AI models.
  • Analyze detection coverage and response effectiveness by partnering with engineering and threat intelligence teams.
  • Use Kusto/KQL to validate detection logic, uncover gaps, and measure signal quality at scale.
  • Translate attacker tradecraft into actionable insights for defenders, including detection recommendations and investigation improvements.
  • Design and leverage agentic systems to automate simulation workflows and accelerate post-simulation analysis.
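The three middle bullets above describe one measurable loop: run a simulation of ATT&CK techniques, pull the alerts that fired, and score which techniques were detected, how fast, and how much alert noise the simulation produced. The script below is an added example of that post-simulation scoring, not code from the job posting or from Microsoft. The execution and alert records are constructed inline; in practice the alert side would be exported from telemetry (for instance via a KQL query) and the technique IDs would come from the simulation harness. The matching window, host names, alert titles and the `Execution`/`Alert` record types are assumptions made for the example.

```python
"""Score purple-team detection coverage from simulated technique executions.

Added example (not Microsoft's code). All records below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import median


@dataclass(frozen=True)
class Execution:
    technique: str   # ATT&CK technique ID the simulation ran, e.g. "T1059.001"
    host: str
    at: datetime


@dataclass(frozen=True)
class Alert:
    technique: str   # ATT&CK technique ID the alert is mapped to
    host: str
    at: datetime
    title: str


def _t(hh: int, mm: int) -> datetime:
    return datetime(2024, 1, 15, hh, mm)


# Constructed simulation run: six technique executions across two hosts.
EXECUTIONS = [
    Execution("T1059.001", "host-a", _t(10, 0)),   # PowerShell
    Execution("T1059.001", "host-b", _t(10, 5)),
    Execution("T1003.001", "host-a", _t(10, 10)),  # LSASS memory access
    Execution("T1003.001", "host-b", _t(10, 15)),
    Execution("T1547.001", "host-a", _t(10, 20)),  # Run key persistence
    Execution("T1021.002", "host-a", _t(10, 30)),  # SMB admin share
]

# Constructed alerts: three true hits, one alert that fires far too late,
# and one alert on a host the simulation never touched.
ALERTS = [
    Alert("T1059.001", "host-a", _t(10, 2), "Suspicious PowerShell command line"),
    Alert("T1003.001", "host-a", _t(10, 11), "Credential access from LSASS"),
    Alert("T1003.001", "host-b", _t(10, 16), "Credential access from LSASS"),
    Alert("T1547.001", "host-a", _t(12, 0), "Run key modified"),          # 100 min late
    Alert("T1059.001", "host-c", _t(10, 40), "Suspicious PowerShell command line"),
]


def match_alerts(executions, alerts, window_minutes=30):
    """Pair each execution with the earliest unused alert on the same host
    carrying the same technique within window_minutes after execution.
    Returns (matched: {Execution: Alert}, unmatched alerts)."""
    window = timedelta(minutes=window_minutes)
    used, matched = set(), {}
    for ex in sorted(executions, key=lambda e: e.at):
        candidates = [
            (i, a) for i, a in enumerate(alerts)
            if i not in used and a.host == ex.host and a.technique == ex.technique
            and ex.at <= a.at <= ex.at + window
        ]
        if candidates:
            i, a = min(candidates, key=lambda c: c[1].at)
            used.add(i)
            matched[ex] = a
    unmatched = [a for i, a in enumerate(alerts) if i not in used]
    return matched, unmatched


def coverage_report(executions, alerts, window_minutes=30):
    """Per-technique detection rate and median time-to-detect, plus the
    list of undetected techniques (gaps), overall recall, and precision
    (share of alerts that correspond to a simulated execution)."""
    matched, unmatched = match_alerts(executions, alerts, window_minutes)
    rows = defaultdict(lambda: {"executed": 0, "detected": 0, "ttd": []})
    for ex in executions:
        row = rows[ex.technique]
        row["executed"] += 1
        if ex in matched:
            row["detected"] += 1
            row["ttd"].append((matched[ex].at - ex.at).total_seconds())
    techniques = {
        tech: {
            "executed": r["executed"],
            "detected": r["detected"],
            "detection_rate": r["detected"] / r["executed"],
            "median_ttd_seconds": median(r["ttd"]) if r["ttd"] else None,
        }
        for tech, r in sorted(rows.items())
    }
    return {
        "techniques": techniques,
        "gaps": [t for t, r in techniques.items() if r["detected"] == 0],
        "recall": len(matched) / len(executions) if executions else 0.0,
        "precision": (len(alerts) - len(unmatched)) / len(alerts) if alerts else 0.0,
        "unmatched_alerts": unmatched,
    }


if __name__ == "__main__":
    report = coverage_report(EXECUTIONS, ALERTS)
    for tech, r in report["techniques"].items():
        print(f"{tech}: {r['detected']}/{r['executed']} detected, "
              f"median TTD {r['median_ttd_seconds']}s")
    print("gaps:", report["gaps"])
    print(f"recall {report['recall']:.2f}, precision {report['precision']:.2f}")
    for a in report["unmatched_alerts"]:
        print("unmatched alert:", a.technique, a.host, a.at.time(), a.title)
```

The window matters: with the default 30 minutes the late Run-key alert counts as a miss for T1547.001 and as noise on the precision side, so the report shows two gaps; widening the window to two hours turns it into a slow detection with a long median time-to-detect, which is the more useful finding to hand back to engineering. The host-c alert never matches anything and stays in the unmatched list as a signal-quality question.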

What we're looking for

  • 8+ years of experience in incident response, threat hunting, and SOC operations.
  • Advanced knowledge of MITRE ATT&CK framework and threat modeling methodologies.
  • Experience with large-scale computing, software development lifecycle, and cybersecurity research.
  • Proficiency in analyzing telemetry using Kusto/KQL for detection validation and gap identification.
  • Security certifications such as GCIA, GMON, GCIH, or CISA.

Market check

Salary context

This $142,800–$274,800 range sits above 66% of similar postings on FindRole.

Peer median band

$122,500–$234,000

Median floor and ceiling across peers.

Typical midpoint (25–75%)

$155,000–$214,500

Middle half of comparable postings.

Based on 240 comparable postings.

* 240 is the maximum number of comparable postings sampled.

Employer

About Microsoft

Microsoft Corporation is a global technology leader producing software, hardware, and cloud services including Windows, Office 365, Azure cloud platform, Xbox gaming, and Surface devices. Industry: Software & Cloud Computing

Microsoft currently has 534 open roles on FindRole.

Listed pay typically runs $119,800–$234,700 across 488 roles with salary data.


More like this

Similar roles

| Microsoft Careers

Microsoft

US 17 days ago $142,800–$274,800
Python C Go MITRE ATT&CK Kubernetes AWS Azure GCP Terraform Docker CI/CD LLM-driven workflows Agentic systems Threat intelligence Malware development Reverse engineering Exploit development Adversary emulation Offensive security

| Microsoft Careers

Microsoft

US 44 days ago $119,800–$234,700
Kusto SQL OAuth OIDC SAML PKI MFA Python Azure CI/CD Linux Git Docker Prometheus Grafana PostgreSQL Jupyter Terraform Ansible

| Microsoft Careers

Microsoft

US 16 days ago $102,100–$202,200
Python Java JavaScript C C++ C# OAuth OpenID Connect SAML CI/CD

| Microsoft Careers

Microsoft

US 59 days ago
Python, PyTorch, TensorFlow, Reinforcement Learning, Deep Learning, Large Language Models, RLlib, CUDA, Git, GitHub, CI/CD, NeurIPS, ICLR, ICML, OpenAI, CLI, APIs, GUI, Synthetic Environments, Multi-Agent Systems

| Microsoft Careers

Microsoft

US 45 days ago
Azure Kubernetes CI/CD Terraform Python PostgreSQL FedRAMP ITAR DFARS Zero Trust AWS Grafana Prometheus Docker DevOps