About the job
The Microsoft Threat Protection Research (MTP-R) Purple Team sits at the intersection of offense, defense, and intelligence, working across Microsoft Defender technologies to ensure telemetry, detections, and protections are effective against real-world cyberattacks. We are looking for a principal-level security researcher with deep experience in threat operations and Defender tooling to help design, execute, and analyze advanced adversary simulations, collaborate with engineering and detection teams, and translate attacker tradecraft into measurable defensive improvements across Microsoft’s security stack. This role is expected to operate in an AI-first environment, leveraging agentic systems and LLM-driven workflows to scale simulation design, automation, and validation beyond traditional human-driven approaches.
Responsibilities
· Design and execute purple team simulations that emulate real-world threat actors, techniques, and campaigns across endpoint, identity, cloud, and email surfaces, incorporating both human-driven and agentic execution models.
· Partner closely with Microsoft Defender engineering, research, and threat intelligence teams to evaluate detection coverage, investigation quality, and response effectiveness.
· Analyze telemetry using Kusto / KQL to validate detection logic, uncover gaps, and measure signal quality at scale.
· Translate attacker tradecraft into actionable insights for defenders, including detection recommendations, telemetry requirements, and investigation improvements.
· Apply frameworks such as MITRE ATT&CK to map adversary behavior, identify coverage gaps, and communicate findings clearly to technical and non-technical audiences.
· Leverage and contribute to threat intelligence by both consuming real-world campaign data and producing new insights through simulation outcomes, TTP discovery, and adversary emulation research.
· Design, build, and leverage AI-enabled and agentic systems to automate simulation workflows, generate attack variations, validate detections, and accelerate post-simulation analysis.
· Evaluate the effectiveness of AI-driven detections and defenses, identifying strengths, gaps, and opportunities for improvement across agentic security capabilities.
· Contribute to written simulation reports, executive presentations, and technical documentation that influence product and security strategy.
Qualifications
Minimum
Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection.
OR Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection.
OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection.
OR equivalent experience.
Preferred
Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 5+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection.
OR Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 8+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection.
OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 12+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection.
OR equivalent experience.
8+ years of incident response, threat hunting, and/or SOC experience.
Experience leveraging and producing threat intelligence at the campaign or actor level.
Advanced knowledge of MITRE ATT&CK and threat modeling methodologies.
Security-related certifications such as GCIA, GMON, GCIH, CISA.