The Defender Experts (DEX) Research team is at the forefront of Microsoft’s threat protection strategy, combining world-class hunting expertise with AI-driven analytics to protect customers from advanced cyberattacks. Our mission is to move protection left—disrupting threats early, before damage occurs—by transforming raw signals into intelligence that powers detection, disruption, and customer trust.

1. • Design and maintain scalable threat graphs that model entities such as devices, identity, threat actors, TTPs, infrastructure, and campaigns.

   • Execute advanced research to develop algorithms and heuristics to detect malicious patterns and relationships within graph data on emerging cloud-based threats impacting Microsoft and third-party security products across heterogeneous cloud environments.

   • Collaborate with threat protection researchers, data scientists, and detection engineers to enrich graph models with contextual insights and refine detection and response strategies, to provide comprehensive threat coverage and response capabilities.

   • Research and prototype novel graph-based techniques for threat detection, attribution, and prioritization in collaboration with internal and external security teams.

   • Translate complex raw security data into actionable graph intelligence that enhances the effectiveness of security operations for a global customer base.

   • Mentor, guide, and drive best practices among researchers and detection engineers on advanced graph-based threat hunting and incident response across diverse ecosystems.

   • Contribute to industry knowledge and Microsoft’s security posture by publishing research, developing threat graph models, and proactively identifying threats and attack trends in the cloud.

1. • Strong understanding of graph theory, graph databases (e.g., Neo4j, TigerGraph), and graph analytics with proficiency in Python or similar languages for data analysis and prototyping.

   • Experience working with large-scale datasets, distributed systems and graph analytics projects.

   • Ability to translate complex threat data into graphs and actionable insights.

   • Experience with machine learning or statistical modelling applied to graph data.

   • Proven ability to execute advanced research on emerging cloud-based threats affecting both Microsoft and third-party security products across heterogeneous cloud environments.

   • Knowledge of adversary infrastructure tracking, malware analysis, or campaign clustering.

   • Extensive hands-on experience with cloud platforms—including, but not limited to, Azure—as well as a deep understanding of multi-cloud security challenges and solutions.

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.