Senior Security Researcher - Microsoft Red Team

Overview

The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world.

The Microsoft Red Team attacks ALL Microsoft services, continually – identifying critical, systemic risks, demonstrating authentic attack chains and techniques, and working with engineering teams, investigators, and incident responders to continuously improve their ability to protect, detect, investigate, and respond to real attacks.

Microsoft Red Team is launching the AI Adversary Lab (AIAL) in ILDC (Microsoft Israel Development Center), a new extension of the Microsoft Red Team, to address the growing threat of AI-enabled adversaries through deep engineering and applied vulnerability research.

The research team in AIAL will collaborate with global Red Team security vulnerability researchers and Red Team operators to analyze Microsoft's AI infrastructure, especially Azure AI services, to discover vulnerabilities, assess attacker impact, and improve resilience. We make Microsoft ready to face persistent, sophisticated adversaries by developing new methods to find, exploit, and mitigate security flaws.

As a Senior Security Researcher, you will lead proactive vulnerability research, developing novel proofs-of-concept and exploit chains that emulate real-world attackers. You will discover vulnerabilities across AI systems, validate exploitability, and work closely with engineering and product teams to drive remediation. The vulnerabilities you will find will impact hundreds of millions of users!

Responsibilities

• Become a founding member of the AIAL group as part of Microsoft Red Team. Help shape the team culture and practices.
• Research and discover zero-day vulnerabilities in AI applications, models, and AI service ecosystems. Work closely with Red Team operators and engineering teams to address findings and strengthen resilience of AI-driven systems.
• Analyze a wide array of data sources to identify potential security weaknesses and breach points within Microsoft’s AI infrastructure.
• Develop tools and techniques to scale and accelerate adversary emulation and vulnerability discovery.
• Advocate for security change across the company through building partnerships and clearly communicating impact of risks.
  
  

Qualifications

Our teams focuses on the diversity of all types of candidates, and we strive to hire people with different experiences and perspectives into our teams. To that end, we know that no candidate has every desired skill and experience, but together we make a strong, effective teams. 

• You have a B.Sc. or M.Sc. in Statistics, Mathematics, Computer Science or related field OR relevant practical experience (e.g. service in elite technology unit in IDF).
• 6+ years of hands-on experience in security research, including 3+ years in vulnerability security research.
• A drive to tackle hard problems with level of ambiguity.
• Knowledge of the security threat landscape, with experience in the modern attacker kill chain and MITRE ATT&CK - especially in AI-related threat scenarios.
  
  

Preferred Qualifications 

• Proficiency in multiple programming and scripting languages.
• Proven track record of discovering and responsibly disclosing security vulnerabilities.
• Experience in Red Teaming or offensive cyber operations.
• 6+ years of hands-on experience in vulnerability security research.
• Hands-on experience with AI/ML systems, including understanding of model architectures, adversarial ML, data poisoning, prompt injection, or security of LLM-based applications.
• Familiarity with emerging AI security risks, evaluation frameworks, or red teaming AI applications.
  
  

This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.