Offensive Cybersecurity Penetration Tester

The Trust and Integrity Protection (TrIP) team supports the company’s overall security and privacy mission by providing key security services that help protect systems, services, data.Are you passionate about identifying security vulnerabilities and risks in enterprise-scale systems with specific focus on Artificial Intelligence (AI)? Do you want the challenge of conducting penetration tests against some of the world’s most cutting-edge technology implementations? Are you a red teamer and interested in AI and excited about technology like Generative Pretrained Transformer 4 (GPT4)? Do you want to find and exploit security vulnerabilities in Microsoft’s largest AI systems impacting millions of users?The TrIP Offensive Cyber Security Team is an interdisciplinary group of internal penetration testing and offensive security team, tasked with identifying security flaws across the entire Microsoft Customer and Partner Solutions (MCAPS) technology estate.We are looking for an Offensive Cybersecurity Penetration Tester to help make AI security better.Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.• *Responsibilities**+ Discover and exploit vulnerabilities end-to-end in order to assess the security of AI systems.+ Execute offensive operations on production AI systems using real world adversarial tactics and techniques to identify failures.+ Develop tools and techniques to scale and accelerate offensive emulation and vulnerability discovery specific for AI systems.+ Collaborate with teams to influence measurement and mitigations of these vulnerabilities in AI systems.+ Research new and emerging threats to inform the organization including prompt injection, improve red teaming efficacy and accuracy, and stay relevant.+ As an AI Penetration Tester for TrIP’s Offensive Cybersecurity Team, you will discover and exploit vulnerabilities end-to-end in order to assess the security of AI systems.+ Execute Penetration Testing operations on production AI systems using real world adversarial tactics and techniques to identify failures.+ The candidate who is well-suited for this role will possess solid technical skills, coupled with a passion for identifying security flaws and developing innovative solutions.+ Develop tools and techniques to scale and accelerate offensive emulation and vulnerability discovery specific for AI systems.+ Perform research to stay current with penetration testing tools, methodologies, tactics, and mitigations.+ Develop, operationalize and maintain penetration testing procedures and methodologies.+ Produce high-quality papers, presentations, as well as recommendations to key stakeholders.+ Research new and emerging threats to inform the organization, improve red teaming efficacy and accuracy, and stay relevant.+ Team up with other Offensive Security personnel at Microsoft to leverage the latest trends, and identify good opportunities for attack.+ Discovery of Problems/Identifying Vulnerabilities in Generative AI and AI systems.+ Embody our culture (https://careers.microsoft.com/v2/global/en/culture) and values (https://www.microsoft.com/en-us/about) .• *Qualifications**• *Required Qualifications**+ Bachelor's Degree in Computer Science or related technical field AND 2+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, PowerShell or Python+ OR equivalent experience.+ 1+ years experience in identifying security vulnerabilities, software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection.+ 1+ years of experience of using common penetration testing tools; Kali Linux, Burpsuite, Nmap, Nessus, etc.• *Preferred Qualifications**+ Bachelor's Degree in Computer Science or related technical field AND 4+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python+ OR Master's Degree in Computer Science or related technical field AND 2+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python+ OR equivalent experience.+ Penetration testing qualifications; PNPT, GPEN/GXPN, GWAPT, OSCP/OSCE, CRT/CCT/CCSAS and/or equivalent.+ Microsoft Azure Certifications; AZ-900, AZ-500, AI-900.+ Familiarity with MITRE ATLAS/ OWASP top 10 LLMS.Software Engineering IC3 - The typical base pay range for this role across the U.S. is USD $98,300 - $193,200 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $127,200 - $208,800 per year.Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-payMicrosoft will accept applications for the role until April 26, 2025.\#EDOTjobsMicrosoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations (https://careers.microsoft.com/v2/global/en/accessibility.html) .