The Microsoft Threat Protection Research (MTP-R) Purple Team sits at the intersection of offense, defense, and intelligence, working across Microsoft Defender technologies to ensure telemetry, detections, and protections are effective against real-world cyberattacks. We are looking for a senior-level red team security researcher with experience in adversary emulation, offensive tooling, and malware development to design and execute realistic attack simulations in an AI-first environment. This role will use agentic systems and LLM-driven workflows to scale attack development, automation, and simulation fidelity, while helping shape how AI-enabled offensive research is used to emulate modern adversaries in controlled, high-impact ways.

Design and execute adversary simulations that emulate real-world threat actors across endpoint, identity, cloud, and SaaS environments.

Develop and modify offensive tooling, including custom payloads, loaders, and command-and-control (C2) frameworks.

Conduct malware development and tradecraft research to replicate modern attacker techniques such as evasion, persistence, and lateral movement.

Leverage threat intelligence to inform adversary emulation scenarios, including campaign design, TTP selection, and operational sequencing.

Apply threat modeling frameworks such as MITRE ATT&CK to emulate realistic attack paths and identify defensive gaps.

Utilize AI-enabled and agentic systems to generate attack variations, automate tradecraft execution, and scale simulation coverage.

Partner with blue team and detection engineering teams to validate detections and improve defensive capabilities.

Analyze telemetry generated from simulations to assess detection coverage and identify opportunities for improvement.

Contribute to simulation reports, technical documentation, and internal knowledge sharing.

Collaborate across teams to improve offensive tooling, methodologies, and research practices.