Microsoft Defender for Endpoint (MDE) is a product for preventative protection, post-breach detection, automated investigation, and response. Our team, the core machine learning and data science team, is responsible for building ML, LLM, and automation solutions that defend over a billion end users and enterprises from cybersecurity attacks through Microsoft Defender AntiVirus, Microsoft Defender Endpoint Detection and Response, and Network Protection products. We are a mix of machine learning engineers and security researchers who investigate attacks, develop big data pipelines, run experiments, and deploy our protection to production to protect customers at scale.

Investigate, analyze, and learn from ongoing cybersecurity attacks in order to develop durable detection and prevention solution/strategies across the kill-chain or product/OS enhancements. Shares and leads within team. As part of this you will primarily be running telemetry-based attack investigations and threat hunting mixed with light reverse-engineering.

Design, code, and maintain client-side and cloud machine learning and automation systems that powers cybersecurity protection in our products and services.

Experiment with and apply large language models and agentic systems to protect our customers and improve our internal systems.

Support the management of incidents by applying technical knowledge to diagnose and triage issues with a commitment to maintaining the quality of products and services. Takes notes during incidents and participates in postmortem and root-cause analysis processes.

Work with other internal and external teams to forge new and improve existing partnerships that help mature the product.