Security Researcher II

Social network you want to login/join with:

Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aims to make the world a safer place by reshaping security and empowering users, customers, and developers with a comprehensive security cloud offering end-to-end, simplified solutions. Our organization accelerates Microsoft’s mission to secure digital platforms, devices, and clouds across diverse environments, while also safeguarding our internal estate. We foster a culture centered on a growth mindset, excellence, and innovation, creating life-changing impacts globally.

Are you intrigued by clever side-channel attacks? Do you enjoy dissecting complex firmware exploits? Passionate about security improvements in hardware, firmware, and virtualization? The Microsoft Security Response Center (MSRC) seeks a Security Researcher to analyze vulnerabilities in Microsoft’s virtualization stacks and hardware, determining their root causes, severity, and impact. Your work will shape security updates, inform research, and collaborate across teams inside and outside Microsoft to develop mitigation strategies.

We seek a security researcher passionate about hardware, firmware, and virtualization security, with qualifications including:

• Experience in software development lifecycle, large-scale computing, modeling, cybersecurity, anomaly detection, or a relevant degree/experience.
• Strong understanding of security vulnerabilities, exploitation, and prevention.
• Proficiency in developing tools and automation for security issue verification.
• Effective communication skills for security design and implementation advice.
• Familiarity with security testing tools and techniques.
• Ability to read C and/or C++ code; assembly knowledge is a plus.

• Public record of vulnerability research and discovery.
• Understanding of low-level security issues in hardware or kernel components.
• Knowledge of hypervisors and paravirtualization.

As part of MSRC, your responsibilities will include:

• Analyzing critical security vulnerabilities and advising on remediation.
• Developing tools and techniques to discover and exploit vulnerabilities.
• Conducting penetration testing on hardware, devices, and infrastructure.
• Innovating security mitigations and hardening measures.
• Using bug trend insights to guide security research and strategy.

Our benefits include healthcare, educational resources, discounts, savings, parental leave, time off, giving programs, and networking opportunities, varying by location and employment type.