Microsoft Senior Cloud Security Researcher – EPSF IL 

Israel, Tel Aviv District 

123244559

, withon the Adaptive Cloud domain

andling the task of extending Azure into on-prem environmentsposes complex challenges, requiringesearch skills in a broad spectrum of fieldsystems and client-side code, containers and Kubernetes, and Cloud environments.

In this role youand develop tooling to carry vulnerability research at scale, integrating with existing SSDL processes

• 8+ years of hands-on experience in offensive security research, with 2+ years focus oncontainers, Kubernetes orcloud environments

• Proven track record of discovering and responsibly disclosing security vulnerabilities

• Proficiency inreading and finding vulnerabilities in code -multiple programming and scripting languages

• Experience in writing code to complement and improve vulnerability research at scale

Preferred qualifications

• according toindustry standards for Secure Software DevelopmentLifecycles(SDL)

• Deep understanding of networking, container environments, Kubernetes and operating systems security mechanisms

• Bachelor's degree or equivalent in Computer Science, Information Security, or a related field. Advanced degrees are a plus

• Strong written and verbal communication skills, with the ability to convey complex security concepts to both technical and non-technical audiences

Responsibilities:

• Research and discover zero-day vulnerabilities in cloud environments and associated technologies. Develop and implement proof-of-concept exploits to demonstrate potential risks and work closely with engineering teams to address findings.

• Conduct in-depth threat modeling exercises to identify security risks and vulnerabilities in Microsoft's cloud infrastructure. Collaborate with cross-functional teams to assess the impact of identified threats and propose mitigation strategies.

• Design and execute sophisticated penetration tests against Microsoft's cloud services, simulating real-world attack scenarios. Provide detailed reports outlining vulnerabilities, exploitation techniques, and recommended remediation steps.

• Create and maintain cutting-edge vulnerability discovery, exploitation, and penetration testing tools in cloud environments. Stay abreast of the latest security research and integrate innovative techniques into the offensive security toolkit.

• Collaborate with internal security teams to enhance overall security posture, including incident response and defensive security. Participate in knowledge-sharing initiatives, mentor junior team members, and contribute to the security community.