Microsoft and the Azure Edge + Platform team are establishing a new Cloud Services Security Research team in Israel, and we are looking for a creative and experienced cloud security researcher to be a co-founder of this expert team. If you are passionate about security and ensuring cloud services are one step ahead of attackers, we have the perfect job for you.
Our Edge & Platform, Devices, & Gaming (EDG) team is responsible for securing some of Microsoft’s largest and most critical online services including Azure, Windows Update, Windows Engineering Systems, Product Release and Signing Services, Xbox Live, Microsoft Game Studios, and many more. This team develops Tactics, Techniques and Protocols to exploit novel attack surfaces and provides tooling that our red and blue teams can use to enhance operations and tune our defenses in an ever-shifting threat landscape. Our team also looks at the wider picture at Microsoft to research highly likely avenues of attack and surface our discoveries before they are actively exploited in the wild.
In this role, you will handle security research projects and help Microsoft cloud engineers to ship the most secure cloud services possible. The ideal candidate will be a technical subject matter expert with excellent hands-on experience with cloud services, a clear understanding of security fundamentals, solid computer science skills, and a passion for keeping Microsoft customers safe.
In other words, you will:
- Perform strategic and independent security research and discover new offensive techniques
- Communicate research findings to partner teams and organizations to realize wider security impacts
- Contribute to improving the security posture of cloud services
- Evaluate tools, techniques, and procedures for feasibility and impact
- Develop and refine offensive security knowledgebases, guides, and training
- Contribute to tooling and automation for Offensive Security, including discovery, automated analysis, exploitation, post-exploitation, and persistence tooling
- 5+ years of experience in offensive security
- 3+ years of identifying vulnerabilities in cloud services / networking / DBs
- 8+ years of experience in SW engineering, including building detective/preventive Security controls
- Strong understanding of common attacks, and a history of successfully applying defensive tactics to large scale cloud hosted services
- Proficiency with network packet analysis and host forensic tools
- Outstanding team player with strong cross-group collaboration skills and communication skills
- Publications of relevant security research, especially around vulnerability discovery
- Relevant certifications from SANS, Offensive Security, CISSP, GIAC or a similar industry-recognized body
- Experience exploiting bugs and bypassing cloud security mitigations
- Experience with data analysis tools and/or AI
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.