Connecting people I'd hire with companies I'd work at

Matt Wallaert
35
companies
7,735
Jobs

Red Team Penetration Tester - Offensive Cybersecurity Team

Microsoft

Microsoft

Redmond, WA, USA
Posted on Monday, February 12, 2024
The Trust and Integrity Protection (TrIP) team supports the company’s overall security mission by providing key security services that help protect systems, services, data.

Are you passionate about identifying security vulnerabilities and risks in enterprise-scale systems with specific focus on Artificial Intelligence? Do you want the challenge of conducting penetration tests against some of the world’s most cutting-edge technology implementations? The TrIP Offensive Cyber Security Team is Microsoft’s internal penetration testing and offensive security team, tasked with identifying security flaws across the entire Microsoft Customer and Partner Solutions (MCAPS) technology estate.

As a Red Team Penetration Tester with the TrIP’s Offensive Cyber Security Team, you will plan and execute offensive security activities and penetration tests against the wide variety of systems that enable Microsoft teams to conduct their day-to-day activities. You will develop novel attack techniques against new and existing products and deliver high-quality risk reporting outputs to internal stakeholders across Microsoft. You will have hands-on experience with native code (C/C++), penetration testing (code audit, writing fuzzers, finding creative ways to break assumptions), a clear understanding of Operating Systems security fundamentals, solid computer science skills, and a passion for keeping Microsoft customers safe.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Responsibilities

  • As a Red Team Penetration Tester - Offensive Cybersecurity Team, you will discover and exploit vulnerabilities end-to-end in order to assess the security of AI systems.
  • Execute Red Team and Penetration Testing operations on production AI systems using real world adversarial tactics and techniques to identify failures.
  • This candidate will possess solid technical skills, coupled with a passion for identifying security flaws and developing innovative solutions.
  • Develop tools and techniques to scale and accelerate offensive emulation and vulnerability discovery specific for AI systems.
  • Collaborate with teams to influence measurement and mitigations of these vulnerabilities in AI systems and generative AI solutions.
  • Research new and emerging threats to inform the organization including prompt injection, improve red teaming efficacy and accuracy, and stay relevant.
  • Perform research to stay current with penetration testing tools, methodologies, tactics, and mitigations.
  • Develop, operationalize and maintain penetration testing procedures and methodologies.
  • Produce high-quality papers, presentations, as well as recommendations to key stakeholders.
  • Research new and emerging threats to inform the organization, improve red teaming efficacy and accuracy, and stay relevant.
  • Assist other team members and Penetration Testers at Microsoft in offensive techniques and approaches.
  • Team up with other Offensive Security personnel at Microsoft to leverage the latest trends, and identify good opportunities for attack.
  • Discovery of Problems/Identifying Vulnerabilities in Generative AI and AI systems.
  • Embody our culture and values.

Qualifications

Required Qualifications

  • Bachelor's Degree in Computer Science or related technical field AND 2+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, PowerShell or Python
    • OR equivalent experience.
  • 3+ years experience in identifying security vulnerabilities, software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection.
  • 3+ years of experience of using common penetration testing tools; Kali Linux, Burpsuite, Nmap, Nessus, etc.
Preferred Qualifications

  • Penetration testing qualifications; GPEN/GXPN, GWAPT, OSCP/OSCE, CRT/CCT/CCSAS.
  • Microsoft Azure Certifications; AZ-900, AZ-500.
  • Effective written and verbal communication skills.
  • Proficient technical writing and presentation skills.
  • Proficient in developing novel tooling and techniques, as well as utilizing existing methodologies, a Red Teamer should consistently explore possibilities and persistently push the boundaries.

Software Engineering IC3 - The typical base pay range for this role across the U.S. is USD $94,300 - $182,600 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $120,900 - $198,600 per year. Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

#EOjobs

Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.