Security Researcher II

Last updated 27 days ago
Location: Atlanta, Georgia
Job Type: Full Time

Empower every person and organization on the planet to achieve more. That’s what inspires us, drives our work, and pushes us to challenge the status quo every day. Security is a top priority for Microsoft because it is a top concern for our customers. Microsoft’s Security and Compliance team has invested deeply to build strong 1st party security capabilities across Microsoft 365.

The fight against cybercrime requires defenders to be adaptive and responsive to the rapidly evolving threat landscape. To protect our customers from an adaptive adversary and help them manage complexity in the cyber operation, we in turn need to innovate. Our security researchers provide the foundation of our innovation cycle, building immediate detections and mitigations, understanding the full breadth of impact experienced by our customers, and driving novel and durable product detections.

We are seeking a Security Researcher II to join our research team. We power protection of tens of millions of users across products like Office 365, Outlook, Microsoft Threat Protection, Mobile Threat Detection, Edge, and more. In this role, you would be responsible for responding to customer escalations; proactively researching, investigating and mitigating the latest phishing and social engineering threats and campaigns; and working with a diverse team of data scientists, security researchers, applied researchers, engineers, and internal & external partners to empower our customers to communicate & browse with confidence and trust.



As a Security Researcher II on the team, you will be responsible for:

  • Authoring, adjusting, and innovating on heuristic and regex-based rules to react to immediate changes in attacker behaviors for email related phishing and social engineering threats.
  • Fully uncovering and documenting attacker campaigns to drive broad product protections.
  • Tracking adversary activities to develop attacker tradecraft and support durable detection innovations.
  • Responding to critical customer escalations to resolve detection effectiveness issues and engaging with relevant partner teams to drive great customer experiences.
  • Working with, and guiding, grading teams to correctly identify and label email messages and URL landing pages.
  • Working with the team to mature operating processes customer protections.
  • Making good, timely and practical decisions with uncertainty on a consistent basis.



  • 3+ years of experience investigating or responding to security incidents originating from the web or email.
  • 1+ years of scripting/data collection experience (Regex, SQL, Python, C#).
  • 1+ years of experience driving projects or processes for operational teams.
  • Solid verbal and written communication skills in English.


  • Insatiable curiosity to learn about attacker patterns and behaviors, with a drive to build innovative detections and protections.
  • Familiar with the cyber kill chain, especially attack scenarios originating from email or web sites.
  • Familiar with email headers, email/web security protocols, and related analysis tools.
  • Experience authoring and interacting with big data solutions to pull and analyze data.
  • Experience responding to customer escalations and reporting investigative findings.
  • Solid understanding of attacker tradecraft associated with email and web-based threats.
  • Broad, general familiarity with the threat landscape affecting enterprise customers.
  • Familiarity with automated report building and business intelligence solutions (like PowerBI) is a plus.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.