Overview
We are a team in M365 Core called Substrate; we have the massive responsibility and charter to help ensure the security and trustworthiness of M365 product suite. We want to reshape and modernize security to empower every user, customer, and developer with a secure cloud that protects them with end-to-end via our solutions. The M365 Substrate organization accelerates Microsoft's mission via bold ambitions to ensure that our company and industry are securing digital technology platforms, devices, and clouds across our estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.
The Security Engineering team within M365 Core helps to identify threats and gaps in the infrastructure that hosts the planet's largest, most influential organizations. We are looking for individuals who are forging the pentest discipline in new and modern ways in the era of AI. The role will encompass a blend of research and testing which we will guide our collective engineering organizations to secure their products in the most uniform and durable solutions possible. This role as a Security Researcher will provide the opportunity to work on services which are global scale and provide unique experiences which are hard to replicate or find outside of a major SAAS provider. You will Researcher and penetration tester to help evaluate and perform offensive security operations against our M365 Copilot suite of products.
As a Security Researcher II you will perform research with your team to identify and validate vulnerabilities from external research as well as proactive engagements. AI agent security as well as M365 chat security will be in areas of responsibility, and also the infrastructure which supports it. We want to move from reactive to proactive, translating findings to actionable code fixes within the product groups. You'll have access to the latest AI systems and the freedom to explore creative attack scenarios while contributing to the security of millions worldwide. Along with running offensive security operations on the suite of products, you will also have the freedom to use AI to help in the roles responsibilities itself. Developing tooling and new code via AI and leveraging AI to look for vulnerabilities in a scalable manner.
Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
Responsibilities
* Research & Threat Analysis: Investigate emerging AI security threats, attack techniques, and their potential impact on Microsoft 365 Copilot services.
* Partner with Security Architecture to inform architectural improvements based on research findings.
* Testing & Exploitation: Design and implement methodologies and tools for evaluating AI agent security, including multi‑agent system exploitation.
* Execute comprehensive penetration tests on AI platforms, focusing on prompt injection, jailbreaking, and workflow manipulation.
* Identify and validate vulnerabilities through hands‑on testing, developing proof‑of‑concept exploits that simulate real‑world attack scenarios.
* Framework & Tool Development: Contribute to the creation of AI security testing frameworks and automated validation tools.
* Collaborate with AI engineering teams to verify security fixes through iterative testing and validation.
* Reporting & Knowledge Sharing: Produce detailed technical reports and advisories that translate complex findings into actionable remediation strategies. Share expertise and mentor team members on AI security testing techniques and vulnerability discovery.
#J-18808-Ljbffr