Principal Penetration Testing Engineer

• Plan, research, and execute testing of computer systems and applications to simulate real-world attacks on Microsoft’s services and infrastructure.
• Assess existing security capabilities to detect and respond to emerging threats.
• Outline and document risk impacts in executive summary reports and communicate findings to relevant stakeholders.
• Perform research to stay current with penetration testing tools, methodologies, tactics, and mitigations.
• Participate as an infrastructure/operation specialist in overt penetration testing engagements, including Purple Team exercises where we emulate real-world adversaries.
• Develop and maintain penetration testing procedures and methodologies.
• Conduct research to remain updated with the latest in application security, both offensive and defensive techniques, and share findings within the Microsoft Security Community.

• Experience in identifying security vulnerabilities, software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection.
• Experience with penetration testing/red-teaming, cloud, services, and network security.
• Strong coding skills in languages such as C#, Python, C++, Go, PowerShell, ASP.NET, JavaScript.
• Preferred: Master’s degree in computer science, software engineering, information security, or equivalent work experience.
• Certifications such as GPEN, GWAPT, GXPN, OSCP, OSCE, or similar.
• Proven ability to learn new attack vectors quickly and creatively identify threats.
• Effective collaboration skills and ability to handle ambiguity.
• Experience with APT emulation, purple teaming, and threat intelligence.
• Experience exploiting bugs and bypassing security mitigations in operating systems.

• This position requires UK citizenship verification due to legal restrictions, supporting UK government agency customers.
• Ability to meet Microsoft, customer, and government security screening requirements, including passing the Microsoft Cloud Background Check annually.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration without regard to age, ancestry, gender, or other protected characteristics. For disability accommodations, please contact us via the Accommodation request form.