Microsoft and the Azure Edge + Platform team are establishing a new Cloud Services Security Research team in Israel, and we are looking for a creative and experienced cloud security research leader to be the founder who will build and manage this expert team. If you are passionate about people, security and ensuring cloud services are one step ahead of attackers, we have the perfect job for you.
Our Edge & Platform, Devices, & Gaming (EDG) team is responsible for securing some of Microsoft’s largest and most critical online services including Azure, Windows Update, Windows Engineering Systems, Product Release and Signing Services, Xbox Live, Microsoft Game Studios, and many more. This team develops Tactics, Techniques and Protocols to exploit novel attack surfaces and provides tooling that our red and blue teams can use to enhance operations and tune our defenses in an ever-shifting threat landscape. Our team also looks at the wider picture at Microsoft to research highly likely avenues of attack and surface our discoveries before they are actively exploited in the wild.
In this role, you will manage a team of security researchers tasked with helping Microsoft cloud engineers ship the most secure cloud services possible. The ideal candidate will be a technical subject matter expert with experience building and leading highly technical teams. Additionally, candidates should have hands-on experience with cloud services, a clear understanding of security fundamentals, solid computer science skills, and a passion for keeping Microsoft customers safe.
In other words, you will:
- Manage the work of a security focused engineering research team across multiple concurrent projects
- Perform strategic and independent security research and discover new offensive techniques
- Communicate research findings to partner teams and organizations to realize wider security impacts
- Contribute to improving the security posture of cloud services
- Evaluate tools, techniques, and procedures for feasibility and impact
- Develop and refine offensive security knowledgebases, guides, and training
- Contribute to tooling and automation for Offensive Security, including discovery, automated analysis, exploitation, post-exploitation, and persistence tooling
- 8+ years of experience managing an offensive security team with demonstrated leadership skills
- 5+ years of identifying vulnerabilities in cloud services / networking / DBs
- 10+ years of experience in SW engineering, including building detective/preventive Security controls
- Strong understanding of common attacks, and a history of successfully applying defensive tactics to large scale Cloud hosted services
- Outstanding team player with strong cross-group collaboration skills and communication skills
- Public track record of relevant security research, especially around vulnerability discovery
- Relevant certifications from SANS, Offensive Security, CISSP, GIAC or a similar industry-recognized body
- Experience exploiting bugs and bypassing cloud security mitigations
- Experience with data analysis tools and/or AI/ML
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.