
Principal Threat Research Lead

India, Hyderabad · Job Posted July 03, 2026

Job Description

Protecting billions of users and the world’s largest digital estates is among the hardest and highest-stakes challenges in technology. Microsoft Security exists to meet it — empowering every user, customer, and developer with end-to-end, simplified protection across heterogeneous, multi-cloud environments, while securing Microsoft’s own global estate. Our culture is built on a growth mindset, a drive for technical excellence, and the expectation that we bring our best each day to innovations that impact billions of lives.

Microsoft Security Research (MSecR) is the research engine behind Microsoft’s protection stack — turning planetary-scale telemetry, adversary intelligence, and AI-driven systems into proactive detection, disruption, and pre-emption of advanced threats. We work across the full estate — endpoint, identity, email, cloud apps, SaaS, and multi-cloud infrastructure — shifting protection left by transforming raw signal into actionable intelligence and production-grade detections. We are actively building the next generation of agentic, AI-assisted investigation and detection systems that change how defenders operate at scale.

We are seeking a Principal Threat Research Lead to drive next-generation threat research across Threat Intelligence (TI), AI-driven analytics, and detection engineering. This is a senior leadership role with researchers reporting to you: you will set technical direction and stay deep in the craft — personally shaping research, advancing detection systems, and influencing platform-level capabilities across Microsoft Security. You will partner closely with product, engineering, operations, and TI teams to deliver durable, scalable protection for global enterprise customers.

In this role, you will operate at the intersection of threat intelligence, advanced analytics, and AI systems, leading high-impact initiatives that define how large-scale security platforms anticipate and respond to emerging threats.

Job Responsibility

  • Set technical vision for advanced threat research spanning Threat Intelligence, analytics, and AI across large-scale, cross-domain telemetry platforms — and stay hands-on enough to prove it works
  • Lead deep research into emerging threats, attacker TTPs, and campaign behavior across endpoint, identity, email, cloud apps, and multi-cloud surfaces — translating insight into concrete detection and response strategy
  • Architect AI/ML-driven detection systems — behavioral analytics, anomaly detection, and agentic / LLM-powered enrichment and investigation pipelines — including the evaluation, guardrails, and abuse-resistance (e.g. prompt-injection defense, output validation) that make them production-safe
  • Operationalize intelligence-to-detection pipelines that continuously convert TI into scalable, production-grade detections, managed as detection-as-code (versioned, tested, backtested, CI-deployed)
  • Drive detection-engineering excellence across SIEM/XDR platforms (Microsoft Defender / Sentinel) — owning measurable signal quality, broad coverage, and low false-positive rates
  • Establish efficacy frameworks for detection coverage, false-negative reduction, and signal-to-noise optimization at scale, with clear metrics (precision/recall, true-alert ratio, FP/FN discovery)
  • Individually author and ship high-fidelity detections and hunts when it matters — triaging their false positives and measuring production performance
  • Drive cross-tenant signal correlation, multi-stage attack analysis, and graph-based campaign stitching as a core research capability
  • Collaborate cross-functionally with Product, Engineering, and Operations to productionize research into customer-facing protection
  • Mentor senior researchers and engineers, setting the bar for technical depth, innovation, and execution rigor
  • Influence internal and industry strategy through thought leadership, leadership/customer threat briefings, research publications, and contributions to the security community

Requirements

  • 12+ years of experience in threat research, threat intelligence, detection engineering, or security analytics within large-scale, complex environments
  • Proven ability to lead and individually execute advanced research on emerging threats across cloud, identity, endpoint, and multi-domain attack surfaces
  • Demonstrated expertise in at least one core domain—Threat Intelligence, AI/ML for Security, or Security Analytics—with strong cross-domain proficiency
  • Hands-on experience designing and shipping high-fidelity detection strategies on SIEM/XDR platforms (Microsoft Defender / Sentinel), with a track record of managing false positives and measuring detection efficacy
  • Depth in at least one major cloud (Azure preferred) and solid working knowledge of modern multi-cloud attack vectors
  • Strong proficiency in data analysis and engineering tools (e.g., KQL, Python, ADX and notebook-driven exploration) and experience working with large-scale analytical pipelines
  • Proven ability to independently drive ambiguous, high-impact technical problems to completion
  • Ability to influence cross-functional teams and communicate complex technical concepts to diverse audiences, including leadership and customers

Nice to have

  • Experience with AI/agentic systems for security — RAG over intel, LLM evaluation, guardrails, and defense against model abuse
  • Cross-tenant signal correlation, multi-stage attack analysis, or graph-based campaign stitching
  • Data-science rigor: feature engineering, model evaluation, and detection drift/decay monitoring
  • Adversary emulation, malware analysis, or reverse-engineering background
  • Experience operating on customer telemetry at scale under privacy and compliance constraints
