Redmond, WA, United States

Are you interested in working on the cutting edge of enterprise security products?  Do you want to combat evolving, advanced security threats? Do you want to build intelligence and analytics systems powering one of the most advanced security products Microsoft offers today?


Windows Defender Advanced Threat Protection (WDATP) is the security service that enables Microsoft’s enterprise customers to detect, investigate, and respond to advanced threats on their networks via a combination of endpoint behavioral sensors, cloud security analytics and threat intelligence

We are looking for deeply technical and passionate analysts who are interested in working on an emerging product in a fast-paced startup style environment to deliver applied research in the form of an intelligence service that ships continuously


  • Design and implement scalable systems and user experiences for analyzing data across cyber intelligence knowledge graphs to identify and track sophisticated attacker techniques, tools, and infrastructure.
  • Build hunting tools and automations for use in the discovery of emerging threats and human adversaries.
  • Utilize threat research to improve our analytic capabilities, develop new detection methodology, and influence the development of sensor capability.
  • Connect threat data and workflows among our internal and external partners improving our ability to hunt for and identify cyber threats.
  • Develop and foster strong relationships with analysts on multiple security teams within Windows Defender research to collaborate on experience development.
  • Seek opportunities in our day-to-day workflow to improve quality and efficiency from ideation to deployment.
  • Document your processes and workflow in sharable documents for future reuse and adoption.
  • Use your experience with a broad range of technology stacks, platforms and workflow tools to do your best, most efficient work and teach others to do the same.


Required qualifications:

  • 5+ years of professional experience designing and developing software or services.
  • 3+ years of experience in cyber-security, cyber-defense, or cyber incident response.


Preferred qualifications:

  • Strong programming or scripting background. (Python, PowerShell, C#, C++, etc.)
  • 2+ years of experience building high-scale distributed data-oriented systems.
  • Background in design and implementation of large-scale data mining and workflow systems.
  • Experience working with high-volume, highly dimensional data at scale using distributed parallel processing systems (e.g. Hadoop, Spark), graph database technology and concepts (e.g. Neo4j, Azure Cosmos DB/Gremlin/GraphQL), as well as common document and relational database technologies. (e.g. MongoDB, SQL Server.)
  • Experience with threat intelligence platforms like Open Threat Exchange, YETI, MISP, CyGraph, ThreatStream, etc.
  • Experience with full-stack technologies using React, Angular, Elastic, etc. (e.g. MERN, MEAN, ELK)
  • Experience in data science, experience with machine learning, online learning, graph theory.
  • Deep and practical OS security/internals knowledge.
  • Experience in security research and attacker tradecraft.
  • Experience tracking cyber threats and leveraging intelligence on methodology, tools, and infrastructure.
  • Functional understanding of common threat analysis models such as the Diamond Model, Cyber Kill Chain, and MITRE ATT&CK.;
  • Ability to analyze and present complex data visually in a meaningful way.
  • Excellent communication skills with an eye for detail and the ability to articulate business needs in cross-group and partner scenarios.
  • Technical BA degree preferred.
  • Excellent cross-group and interpersonal skills, with the ability to articulate business needs and outcomes.



Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.  We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.


Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.


We’re passionate about connecting highly skilled women with leading companies commited to diversity and inclusion

Are you looking for your dream job? In Office. Flexible. Remote.

Join our Movement

Are you hiring? Join our platform for diversifying your team

Post a job