Principal Security Researcher

Senior • Hybrid • On-site

$139,900 - $274,800/yr

Overview

Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.

Our research team is dedicated to build products and features that deliver protection to Microsoft customers who want to safely use AI, Agents and Cloud/SaaS services. The team's mission is to research the threat landscape and common attack vectors across AI, Identity and Applications and anticipate techniques that will be abused by sophisticated and emerging threat actors. If you believe that cyberattacks can unfold without ever dropping an executable on disk and that today an access token or an AI prompt pose greater risk than a PowerShell script, this role offers the opportunity to make a meaningful impact.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Qualifications

Required Qualifications:

- Doctorate in relevant field AND 3+ years related reasearch experience
- OR equivalent experience.
3+ years of experience of in Identity security research.
Proven experience in cybersecurity, with deep understanding of the modern attacker kill-chain, MITRE ATT&CK framework, and evolving enterprise threats—particularly those targeting identity systems and infrastructure or AI systems.
Knowledge of LLM/AI fundamentals and internals, common Agentic frameworks and architectures.
Experience in at least one programming language such as Python or C#, and one query language such as PySpark or Kusto Query Language (KQL).

Preferred Qualifications:

Demonstrate a strong passion for problem-solving and a track record of delivering novel approaches in the cybersecurity domain.
Foster a culture of collaborative innovation, encouraging knowledge sharing and joint problem-solving to accelerate impact and drive continuous improvement in threat detection and response capabilities.
Demonstrated experience as subject matter expert recognized by research community or as speaker at public conferences.
Experience in analyzing large-scale datasets (e.g., billions of events per day) to uncover patterns, detect anomalies, and drive threat intelligence.

Other Requirements
Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check:
- This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Research Sciences IC5 - The typical base pay range for this role across the U.S. is USD $139,900 - $274,800 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $188,000 - $304,200 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

Microsoft will accept applications for the role until June 28, 2025.

#MSFTSecurity #AI #Identity #CloudSec

Responsibilities

Stay on top of novel AI, Identity and Cloud attacks by performing individual, hands-on research on cutting edge techniques and by studying publications from security research community or intelligence derived from notable attacks - deeply understand the threat landscape when applied to modern AI, identity and cloud technology stack and be familiar with strength/gaps of current protection solutions and tools in this space - operate as cross-org technical lead and expert for the team by connecting the dots across research and engineering and by building working prototypes (PoC) to accelerate innovation - develop well-written research plans, gap analysis documents, strategy roadmap including also initial design of new security features and tools - influence broader security community and customers with novel research publications, blogs, conference talks acting as subject matter expert.

Other : Embody our Culture and Values

Microsoft

Microsoft is a global technology company that focuses on empowering every person and organization to achieve more. With a mission to deliver the core infrastructure and foundational technologies for Microsoft's online businesses, including Bing, MSN, Office 365, Xbox Live, Teams, OneDrive, and the Microsoft Azure platform, the company is dedicated to powering the 'Intelligent Cloud' mission. Microsoft values respect, integrity, and accountability, and fosters a culture of inclusion where employees can thrive. The company is committed to continuous improvement and collaboration to drive innovation and provide high-quality results to customers. With a diverse and inclusive workforce, Microsoft is an equal opportunity employer.