Microsoft Corporation Senior Cloud Security Researcher (Tel Aviv Position) - Advanced Threat Analytics in Tel Aviv, Israel

Our Group

This job is positioned in Microsoft’s brand new Tel Aviv Cloud Security Development Center!

Microsoft Advanced Threat Analytics (formerly Aorato) is a unique innovator in cyber security.

Previously a startup, we are a small group (40 engineers, PMs and security researchers), building products that protect an organization's identities, across enterprise networks and cloud assets. Our products apply sophisticated algorithms, collect and fuse data from many sources, and process immense amounts of traffic in real time.

We are in charge of a highly successful product, Azure ATP (enthusiastic customers, millions of users), we invent new detections for Microsoft’s Cloud App Security product, and we are currently building a large-scale UEBA engine to protect identities from attackers and malicious insiders in organizations’ hybrid networks.

We deal with extremely complex security challenges and demanding scale and performance requirements (hundreds of thousands of events per second), and we hold a unique market position from which to make Microsoft the world's leader in cyber security.

To learn more about us - check out .

Our culture

We are an agile team of very strong engineers, researchers and PMs, with a "move-fast" attitude, passion for solving tough problems, building things the right way and delighting our customers.

We encourage autonomy, collaboration, creativeness and proactivity.

We are allergic to bureaucracy and paperwork.


You’ll have a crucial role in defending Microsoft’s customers’ networks and identities, both cloud and on-premise, from the world’s most sophisticated attackers.

You’ll lead joint research projects across multiple groups inside and outside Microsoft, identify new attack vectors, map out attack kill chains, come up with innovative detection methods, and serve as a subject matter expert for PMs, engineers and fellow researchers.

You will take part in strategic roadmap creation, as well as hands on security research, including:

· Analyzing different protocols to identify network behavior – TCP, SSL, Kerberos, OAuth2, HTTP, DNS and many more

· Finding indicators of compromise in immense datasets

· Optimizing existing detections to reduce false positives and increase quality of alerts

· Developing deterministic and behavioral methods to detect compromised identities

· Researching online for the latest security threats

· Collaborating with other security groups to identify the latest threats and attack vectors

· Writing blogs, publications and presenting in global cyber security conferences

· Writing the detection code yourself (when relevant)


  • 5+ years of experience as a network/cloud security researcher

  • Proven track record of innovative cyber security research

  • Relevant military service is a big advantage

  • Experience with any programming/scripting language (for building proofs of concept)

  • Experience with data/security analysis – an advantage

  • Team player, confident, independent and enthusiastic!

  • Strong verbal and presentation skills

  • Passion for conducting “practical” research – delivering constant value to our customers