Security Researcher II

Sydney, New South Wales, Australia

• 3 more locations

Date posted

Oct 29, 2025

Job number

1903611

Work site

0 days / week in-office - remote

Travel

0-25%

Role type

Individual Contributor

Profession

Security Engineering

Discipline

Security Research

Employment type

Full-Time

We are a team in M365 Core called Substrate; we have the massive responsibility and charter to help ensure the security and trustworthiness of M365 product suite. We want to reshape and modernize security to empower every user, customer, and developer with a secure cloud that protects them with end-to-end via our solutions. The M365 Substrate organization accelerates Microsoft's mission via bold ambitions to ensure that our company and industry are securing digital technology platforms, devices, and clouds across our estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.

The Security Engineering team within M365 Core helps to identify threats and gaps in the infrastructure that hosts the planet's largest, most influential organizations. We are looking for individuals who are forging the pentest discipline in new and modern ways in the era of AI. The role will encompass a blend of research and testing which we will guide our collective engineering organizations to secure their products in the most uniform and durable solutions possible. This role as a Security Researcher will provide the opportunity to work on services which are global scale and provide unique experiences which are hard to replicate or find outside of a major SAAS provider. You will Researcher and penetration tester to help evaluate and perform offensive security operations against our M365 Copilot suite of products.

As a Security Researcher II you will perform research with your team to identify and validate vulnerabilities from external research as well as proactive engagements. AI agent security as well as M365 chat security will be in areas of responsibility, and also the infrastructure which supports it. We want to move from reactive to proactive, translating findings to actionable code fixes within the product groups. You'll have access to the latest AI systems and the freedom to explore creative attack scenarios while contributing to the security of millions worldwide. Along with running offensive security operations on the suite of products, you will also have the freedom to use AI to help in the roles responsibilities itself. Developing tooling and new code via AI and leveraging AI to look for vulnerabilities in a scalable manner.

Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Required Qualifications:

• Bachelor's Degree in Statistics, Mathematics, Computer Science or related field OR 3+ years experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection.
• 3+ years of experience in security research, penetration testing, or offensive security roles, with demonstrated expertise in AI/ML security
• Strong understanding of AI attack vectors including prompt injection, agent manipulation, and workflow exploitation
• Hands-on experience discovering and exploiting vulnerabilities in AI systems and platforms.
• Proficiency in Python with experience in AI frameworks and security testing tools
• Ability to read and analyze code across multiple languages and codebases

Other Requirements:

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include but are not limited to the following specialized security screenings:

• Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Preferred Qualifications:

• Direct experience testing AI agent platforms, conversational AI systems, or AI orchestration architectures.
• Published security research or conference presentations on AI security topics.
• Background in software engineering with distributed systems expertise.
• Security certifications such as OSCP, OSCE, GPEN, or similar.
• Knowledge of AI agent communication protocols and multi-agent architectures.

• Research & Threat Analysis: Investigate emerging AI security threats, attack techniques, and their potential impact on Microsoft 365 Copilot services.
• Partner with Security Architecture to inform architectural improvements based on research findings.
• Testing & Exploitation: Design and implement methodologies and tools for evaluating AI agent security, including multi-agent system exploitation.
• Execute comprehensive penetration tests on AI platforms, focusing on prompt injection, jailbreaking, and workflow manipulation.
• Identify and validate vulnerabilities through hands-on testing, developing proof-of-concept exploits that simulate real-world attack scenarios.
• Framework & Tool Development: Contribute to the creation of AI security testing frameworks and automated validation tools.
• Collaborate with AI engineering teams to verify security fixes through iterative testing and validation.
• Reporting & Knowledge Sharing: Produce detailed technical reports and advisories that translate complex findings into actionable remediation strategies. Share expertise and mentor team members on AI security testing techniques and vulnerability discovery.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.



Industry leading healthcare



Educational resources



Discounts on products and services



Savings and investments



Maternity and paternity leave



Generous time away



Giving programs



Opportunities to network and connect

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.