Principal Security Researcher - Microsoft Red Team

The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world.

The Microsoft Red Team attacks ALL Microsoft services, continually – identifying critical, systemic risks, demonstrating authentic attack chains and techniques, and working with engineering teams, investigators, and incident responders to continuously improve their ability to protect, detect, investigate, and respond to real attacks.

Microsoft Red Team is launching the AI Adversary Lab (AIAL) in ILDC (Microsoft Israel Development Center), a new extension of the Microsoft Red Team, to address the growing threat of AI-enabled adversaries through deep engineering and applied vulnerability research.

The research team in AIAL will collaborate with global Red Team security vulnerability researchers and Red Team operators to analyze Microsoft's AI infrastructure, especially Azure AI services, to discover vulnerabilities, assess attacker impact, and improve resilience. We make Microsoft ready to face persistent, sophisticated adversaries by developing new methods to find, exploit, and mitigate security flaws.

As a Principal Security Researcher, you will lead proactive vulnerability research, developing novel proofs-of-concept and exploit chains that emulate real-world attackers. You will discover vulnerabilities across AI systems, validate exploitability, and work closely with engineering and product teams to drive remediation. The vulnerabilities you will find will impact hundreds of millions of users!

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

Responsibilities

• Become a founding member of the AIAL group as part of Microsoft Red Team.
  
  

As a founding member, you will help shape the team’s culture and practices.

• Key responsibilities include:
• Research and discover zero-day vulnerabilities in AI applications, models, and AI service ecosystems.
• Work closely with Red Team operators and engineering teams to address findings and strengthen the resilience of AI-driven systems.
• Analyze a wide array of data sources to identify potential security weaknesses and breach points within Microsoft’s AI infrastructure.
• Develop tools and techniques to scale and accelerate adversary emulation and vulnerability discovery.
• Advocate for security change across the company by building partnerships and clearly communicating the impact of risks.
  
  

Qualifications

Our teams focuses on the diversity of all types of candidates, and we strive to hire people with different experiences and perspectives into our teams. To that end, we know that no candidate has every desired skill and experience, but together we make a strong, effective teams. 

• You have a B.Sc. or M.Sc. in Statistics, Mathematics, Computer Science or related field **OR** relevant practical experience (e.g. hands-on work in industry or service in a technology unit in the military).
• You have 10+ years of software security industry experience with knowledge of adversary tradecraft, security operations, and of emerging threats and techniques for attacks against modern cloud environments. 
• You have 6+ years of hands-on experience in security research, including 4+ years in vulnerability security research.
• You have hands-on experience with AI/ML systems, including understanding of model architectures, adversarial ML, data poisoning, prompt injection, or security of LLM-based applications.
• Familiarity with emerging AI security risks, evaluation frameworks, or red teaming AI applications.
• A drive to tackle hard problems with level of ambiguity.
• You have knowledge of the security threat landscape, with experience in the modern attacker kill chain and MITRE ATT&CK - especially in AI-related threat scenarios.
  
  

Preferred Qualifications

• Proficiency in multiple programming and scripting languages.
• Proven track record of discovering and responsibly disclosing security vulnerabilities.
• Experience in Red Teaming or offensive cyber operations.
• 8+ years of hands-on experience in vulnerability security research.
  
  

#MRT #AIAL

Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.