Principal Security Researcher (Red Team)

Overview Security is one of the most critical priorities for our customers in a world of growing digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world safer by empowering every user, customer, and developer with a security cloud that delivers end-to-end, simplified protection. The Microsoft Security organization advances this mission by helping secure digital technology platforms, devices, and clouds across customers’ heterogeneous environments, while also protecting Microsoft’s internal estate. Our culture is grounded in a growth mindset, inspiring excellence, and enabling teams and leaders to bring their full potential each day. The Microsoft Threat Protection Research (MTP-R) Purple Team sits at the intersection of offense, defense, and intelligence, working across Microsoft Defender technologies to ensure telemetry, detections, and protections are effective against real-world cyberattacks. We are looking for a Principal-level red team security researcher with experience in adversary emulation, offensive tooling, and malware development to design and execute realistic attack simulations in an AI-first environment. This role will use agentic systems and LLM-driven workflows to scale attack development, automation, and simulation fidelity, while helping shape how AI-enabled offensive research is used to emulate modern adversaries in controlled, high-impact ways. This role is for someone who has experience in offensive security and wants to shape how AI-enabled adversary emulation is performed at scale. You will define methodologies, influence product direction, and drive innovation in agentic red team capabilities. Responsibilities As a Principal Security Researcher (Red Team), you will: Lead the design and execution of complex, multi-stage adversary simulations across endpoint, identity, cloud, and SaaS environments. Architect and develop advanced offensive tooling, including scalable C2 frameworks, custom implants, and malware tradecraft. Conduct deep research into modern attacker techniques, including novel evasion strategies, cloud abuse patterns, and identity-based attacks. Drive threat modeling and adversary emulation strategy, aligning simulations with real-world campaigns and emerging threats. Leverage and contribute to threat intelligence by producing new insights from simulation results, tradecraft research, and adversary behavior analysis. Design and implement AI-enabled and agentic systems to automate offensive operations, generate adaptive attack paths, and scale simulation complexity. Evaluate the effectiveness of defensive systems, including AI-driven detections, and provide strategic recommendations for improvement. Partner with engineering, detection, and intelligence teams to influence product direction and improve security outcomes. Deliver executive-level briefings, technical reports, and strategic recommendations. Act as a technical leader, shaping offensive research methodology, mentoring team members, and driving long-term innovation. Qualifications Minimum Qualifications: Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection. OR Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection. OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection. OR equivalent experience. Other Requirements: Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter. This position requires verification of U.S. citizenship due to citizenship‑based legal restrictions. Specifically, this position supports United States federal, state, and/or local government agency customers and is subject to certain citizenship‑based restrictions where required or permi