Senior Cloud Security Researcher – EPSF IL at Microsoft – Herzliya, Tel Aviv, Israel

Our team is actively involved in proactive vulnerability research across Azure platform services. We are dedicated to uncovering new classes of vulnerabilities and breakthrough exploitation techniques to effectively prevent cyber threats.

We are looking for exceptional individuals with a deep passion for security and cloud technologies. If you are passionate about solving complex challenges, have a deep fascination for vulnerability research, and are eager to contribute to conducting groundbreaking security research, we invite you to join us in our mission. In doing so, you will play a critical role in protecting countless users across the global landscape. Your expertise and dedication will be critical in strengthening our collective digital defenses.

We are looking for a highly skilled and experienced Senior Researcher to join our Offensive Cloud Security Team at Microsoft. In this role, you will lead vulnerability assessments, play a critical role in identifying and addressing potential security vulnerabilities within Microsoft cloud services, and ensure the highest levels of security for our customers and their data.

Responsibilities

• Investigate and discover zero-day vulnerabilities in cloud environments and associated technologies. Develop and deploy proof-of-concept exploits to demonstrate potential risks and work closely with engineering teams to address findings.

• Conduct in-depth threat modeling exercises to identify security risks and vulnerabilities in Microsoft cloud infrastructure. Work with cross-functional teams to assess the impact of identified threats and propose mitigation strategies.

• Design and execute advanced penetration tests against Microsoft cloud services, simulating real-world attack scenarios. Provide detailed reports summarizing vulnerabilities, exploitation techniques, and recommended remediation steps.

• Create and maintain advanced tools for discovering, exploiting, and testing vulnerabilities in cloud environments. Stay current with the latest security research and integrate innovative techniques into the offensive security toolkit.

• Work with internal security teams to improve overall security posture, including incident response and defensive security. Participate in knowledge sharing initiatives, mentor junior team members, and contribute to the security community.

Qualifications

Required/Minimum Qualifications

• Over 8 years of hands-on experience in offensive security research, with over 2 years focused on cloud environments.

• Demonstrated track record of discovering and responsibly reporting security vulnerabilities.

• Expertise in cloud security technologies including Azure, AWS, GCP and similar technologies.

• Knowledge of multiple programming and scripting languages.

Other requirements:

• Bachelor’s degree or equivalent in computer science, information security, or related field. Advanced degrees are a plus.
• Strong written and verbal communication skills, with the ability to explain complex security concepts to both technical and non-technical audiences.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. If you require assistance and/or a reasonable accommodation due to a disability during the application or hiring process, please submit a request using the Accommodation Request Form.

The benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.