This list contains only the countries for which job offers have been published in the selected language (e.g., in the French version, only job offers written in French are displayed, and in the English version, only those in English).
The Defender Experts (DEX) Research team is at the forefront of Microsoft’s threat protection strategy, combining world-class hunting expertise with AI-driven analytics to protect customers from advanced cyberattacks. Our mission is to move protection left—disrupting threats early, before damage occurs—by transforming raw signals into intelligence that powers detection, disruption, and customer trust.
Job Responsibility:
Design and maintain scalable threat graphs that model entities such as devices, identity, threat actors, TTPs, infrastructure, and campaigns
Execute advanced research to develop algorithms and heuristics to detect malicious patterns and relationships within graph data on emerging cloud-based threats impacting Microsoft and third-party security products across heterogeneous cloud environments
Collaborate with threat protection researchers, data scientists, and detection engineers to enrich graph models with contextual insights and refine detection and response strategies, to provide comprehensive threat coverage and response capabilities
Research and prototype novel graph-based techniques for threat detection, attribution, and prioritization in collaboration with internal and external security teams
Translate complex raw security data into actionable graph intelligence that enhances the effectiveness of security operations for a global customer base
Mentor, guide, and drive best practices among researchers and detection engineers on advanced graph-based threat hunting and incident response across diverse ecosystems
Contribute to industry knowledge and Microsoft’s security posture by publishing research, developing threat graph models, and proactively identifying threats and attack trends in the cloud
Requirements:
Strong understanding of graph theory, graph databases (e.g., Neo4j, TigerGraph), and graph analytics with proficiency in Python or similar languages for data analysis and prototyping
Experience working with large-scale datasets, distributed systems and graph analytics projects
Ability to translate complex threat data into graphs and actionable insights
Experience with machine learning or statistical modelling applied to graph data
Proven ability to execute advanced research on emerging cloud-based threats affecting both Microsoft and third-party security products across heterogeneous cloud environments
Knowledge of adversary infrastructure tracking, malware analysis, or campaign clustering
Extensive hands-on experience with cloud platforms—including, but not limited to, Azure—as well as a deep understanding of multi-cloud security challenges and solutions