Senior Security Researcher

Microsoft Canberra, Australian Capital Territory, Australia 1 week ago Be among the first 25 applicants and penetration tester to help evaluate and perform offensive security operations against our M365 Copilot suite of products. You will perform research with your team to identify and validate vulnerabilities from external research as well as proactive engagements. AI agent security as well as M365 chat security will be in areas of responsibility, and also the infrastructure which supports it. We want to move from reactive to proactive, translating findings to actionable code fixes within the product groups. You'll have access to the latest AI systems and the freedom to explore creative attack scenarios while contributing to the security of millions worldwide. Along with running offensive security operations on the suite of products, you will also have the freedom to use AI to help in the roles responsibilities itself. Developing tooling and new code via AI and leveraging AI to look for vulnerabilities in a scalable manner. Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. Responsibilities Research & Threat Analysis: Investigate emerging AI security threats, attack techniques, and their potential impact on Microsoft 365 Copilot services. Partner with Security Architecture to inform architectural improvements based on research findings. Testing & Exploitation: Design and implement methodologies and tools for evaluating AI agent security, including multi‑agent system exploitation. Execute comprehensive penetration tests on AI platforms, focusing on prompt injection, jailbreaking, and workflow manipulation. Identify and validate vulnerabilities through hands‑on testing, developing proof‑of‑concept exploits that simulate real‑world attack scenarios. Framework & Tool Development: Contribute to the creation of AI security testing frameworks and automated validation tools. Collaborate with AI engineering teams to verify security fixes through iterative testing and validation. Reporting & Knowledge Sharing: Produce detailed technical reports and advisories that translate complex findings into actionable remediation strategies. Share expertise and mentor team members on AI security testing techniques and vulnerability discovery. Required Qualifications Master’s Degree in Statistics, Mathematics, Computer Science or related field OR 5+ years experience in software development lifecycle, large‑scale computing, modeling, cybersecurity, and/or anomaly detection. Solid understanding of AI attack vectors including prompt injection, agent manipulation, and workflow exploitation. Hands‑on experience discovering and exploiting vulnerabilities in AI systems and platforms. Proficiency in Python with experience in AI frameworks and security testing tools. Ability to read and analyze code across multiple languages and codebases. Preferred Qualifications Direct experience testing AI agent platforms, conversational AI systems, or AI orchestration architectures. Published security research or conference presentations on AI security topics. Background in software engineering with distributed systems expertise. Security certifications such as OSCP, OSCE, GPEN, or similar. Knowledge of AI agent communication protocols and multi‑agent architectures. Other Requirements Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include but are not limited to the following specialized security screenings: Microsoft Cloud Background Check - This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter. Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations. #J-18808-Ljbffr