Come and be part of a new and dynamic team, focusing on emerging threats against organizational -enterprise environments. Theres an opportunity joining a new team focusing on disrupting nation state and stealthy attacks, across all the Microsoft Defenders stack products, this role is currently focusing one of the flagships of the Defender stack - Microsoft Defender for Endpoint. Join the elite team powering Microsoft Defender's most groundbreaking autonomous protection system: Automatic Attack Disruption. As cyber threats evolve in sophistication, our team leads the charge in detecting, investigating, and automatically disrupting stealthy attacks conducted by various threat groups from nation states to sophisticated cyber criminals. We're looking for a passionate security researcher ready to make a real-world impact by protecting global enterprises from advanced and sophisticated attacks. As part of our Israeli research team, you'll hunt through diverse signals across on-premises, hybrid and cloud environments, uncovering advanced threats, research emerging attack techniques, design next-generation protection systems, and develop detection logic that ensures no compromise goes unnoticed. This is your chance to stay steps ahead of advanced adversaries while building autonomous defense capabilities that protect organizations worldwide. The job includes ideation to customer facing detection, researching novel attack techniques, hunting through our rich sensor data, identifying necessary optics for detecting malicious behaviour and crafting detection and protection logic to ensure compromise does not go undetected. Our team values diversity and strives to hire individuals with varied experiences and perspectives. We understand that no candidate possesses every desired skill and experience, but together, we form a strong, effective team. Microsofts mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
Responsibilities
Conduct in-depth research to develop detection mechanisms for novel and advanced offensive techniques from exploits to implants.
Lead end-to-end implementation efforts: from offensive proof-of-concept (PoC) to scalable, deployable detection logic across agent and cloud platforms.
Focus on low-level Windows Internalsbased detections, with the opportunity to expand into additional high-impact attacker surfaces.
Proactively hunt across diverse signal sources including on-premises, hybrid, and cloud environments to uncover stealthy threats and emerging attack techniques.
Stay current with the latest cyberattack trends and design robust, sophisticated detection logic across the full attacker kill-chain.
Build and implement innovative automated disruption capabilities that autonomously detect and mitigate attacks in real time.
Investigate real-world incidents to improve protection strategies and enhance the Microsoft Defender for Endpoint (MDE) product.
Collaborate with engineering and product teams to design security sensors, validate protection ideas, and measure effectiveness using data-driven approaches.
Engage with customers to identify product gaps, share insights, and enhance protection coverage based on real-world needs.
Contribute to the broader security community by authoring technical blogs, sharing research findings, and presenting at leading security conferences.
Requirements: 8+ years of hands-on experience in cybersecurity research, preferably in endpoint or network-based threat scenarios.
Deep understanding of Windows OS internals including User & Kernel mode architecture.
Proven experience in low-level development, preferably in C or C++ on Windows platforms.
.המשרה מיועדת לנשים ולגברים כאחד