Senior Security Engineer - Red Team

Overview

The Cloud & AI organization at Microsoft is dedicated to securing digital technology platforms, devices, and clouds for both customers and internal systems. Our culture emphasizes a growth mindset, inspiring excellence, and fostering daily innovation. Join the Microsoft Red Team (MRT) organization as a Senior Security Engineer - Red Team, where you will play a critical role in identifying and exploiting security vulnerabilities that impact hundreds of millions of users.

The MRT's mission is to ensure Microsoft is prepared against advanced persistent threats by pioneering new ways to discover and prevent security flaws. This role specifically focuses on exploitation across a diverse array of Microsoft services, including acquisitions, financial systems, physical facilities, and the core corporate network. Your contributions will directly enhance the security and resilience of some of the world's largest and most complex services.

Role Responsibilities

As a Senior Security Engineer - Red Team, you will lead operations and collaborate with experienced red teamers to identify and exploit vulnerabilities across all service layers: application, cloud, network, hardware, and operational security. You will work closely with developers and security personnel across Microsoft, contributing to the technical and cultural growth of the team. By adopting real-world adversarial tactics, techniques, and procedures, you will provide crucial insights to strengthen defenses against evolving digital threats.

• Discover and exploit end-to-end vulnerabilities to assess service security.
• Execute and lead Red Team operations, using adversarial tactics to validate detection, investigation, and response capabilities.
• Advocate for security improvements company-wide by building partnerships and clearly communicating risk impact.
• Analyze diverse data sources to pinpoint security weaknesses and breach points within Microsoft’s infrastructure.
• Prototype tools and techniques to scale and accelerate offensive emulation and vulnerability discovery.
• Collaborate with Blue Teams to enhance defensive readiness and develop solutions for defenders and customers.
• Analyze simulated adversary tactics and communications to enrich defensive tactics and threat intelligence.

Required Qualifications

• Bachelor's Degree in Statistics, Mathematics, Computer Science, or a related field AND 4+ years of experience in security or a related field; OR
• Equivalent experience; OR
• Master's Degree in Statistics, Mathematics, Computer Science, or a related field AND 3+ years of experience in security or a related field.
• Ability to meet Microsoft, customer, and/or government security screening requirements, including passing the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Preferred Qualifications

• 5+ years of experience in identifying security vulnerabilities, cybersecurity, or a related security discipline.

Key Skills/Competency

• Red Team Operations
• Vulnerability Exploitation
• Penetration Testing
• Adversarial Simulation
• Cloud Security
• Network Security
• Application Security
• Incident Response (understanding)
• Threat Intelligence
• Scripting/Tool Development