Penetration Tester: Internship Opportunity
Microsoft
Come build community, explore your passions and do your best work at Microsoft with thousands of University interns from every corner of the world. This opportunity will allow you to bring your aspirations, talent, potential—and excitement for the journey ahead.
SERPENT (Services Pentest) is looking for a learn-it-all engineer excited to secure Microsoft products and devices through real-world penetration testing, research, and security innovation.
Are you looking for a challenge that puts you at the center of the Microsoft Specialized Clouds strategy? Are you passionate about solving the security challenges of critical, large-scale online services? Do you want to learn how Microsoft defends some of the world’s most important cloud and device ecosystems?
If you’re passionate about penetration testing, variant research, and hands-on security, this role is for you.
Microsoft’s Specialized Clouds organization is responsible for securing some of Microsoft’s largest and most influential online services across the Adaptive Cloud and Windows + Devices (W+D) organization.
The EPSF Services Pentest (SERPENT) team is expanding and looking for interns who want to grow their offensive security skills while helping increase our business partners’ security posture.
EPSF Security has a world-class penetration testing team that helps ensure a safe, resilient experience for millions of users worldwide. We focus heavily on offensive security, application security, variant discovery, and collaborating with defensive teams to enhance detection and operational awareness.
At Microsoft, Interns work on real-world projects in collaboration with teams across the world, while having fun along the way. You’ll be empowered to build community, explore your passions and achieve your goals. This is your chance to bring your solutions and ideas to life while working on cutting-edge technology.
Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
Responsibilities
- Participate in penetration tests, security reviews, and variant-hunting exercises for Microsoft products and services—including design reviews, code reviews, and exploit proof-of-concept development
- Support analysis of emerging threats and contribute to improving the security of next-generation Windows, Azure, and specialized cloud services
- Apply a current and evolving understanding of offensive security techniques to propose new protections and reinforce secure design
- Engage with internal and external security researchers, contributing to a culture of curiosity and continuous learning
- Collaborate with product teams to improve security posture and articulate the business value of security insights
- Participate in the SERPENT OODA Loop (Observe → Orient → Decide → Act) to scale offensive insights across Microsoft
Qualifications
Required Qualifications:
- Candidate must be enrolled in a full time bachelor's or masters program in an area relevant for the role during the academic term immediately before their internship.
- Must have at least one semester or term of school remaining following the completion of the internship
Preferred Qualifications:
- Familiarity with reading Python or C#
- Demonstrated interest in cybersecurity, penetration testing, or vulnerability research
- Curiosity, willingness to learn, ability to ask strong technical questions, and passion for solving complex problems
- Participation in Capture the Flag (CTF) challenges, security labs, hackathons, or research projects
- Coding experience in C#, Java, Python, Rust, Go, or JavaScript/TypeScript
- Familiarity with cloud concepts (Azure preferred) or distributed systems
- Understanding of static analysis or experience auditing code for vulnerabilities
- Knowledge of memory corruption, web security, identity, authentication, or operating system internals
The base pay range for this internship is USD $5610.00 - $11010.00 per month. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $7270.00 - $12030.00 per month.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-intern-pay
Microsoft accepts applications and processes offers for these roles on an ongoing basis throughout the academic calendar (September - April)
This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.