atmosera - Azure Penetration Test Engineer
Upload My Resume
Drop here or click to browse · Tap to choose · PDF, DOCX, DOC, RTF, TXT
Requirements
• Minimum 5 years of professional penetration testing or offensive security experience • Strong hands‑on experience testing Microsoft Azure and Microsoft 365 environments • Deep understanding of Azure AD and Entra ID security models • Proficiency with common penetration testing tools and techniques, including PowerShell, Azure CLI, Graph API, and cloud‑specific testing frameworks • Strong knowledge of networking fundamentals, identity protocols, and authentication flows • Demonstrated ability to write high‑quality technical and executive‑level reports • Relevant certifications such as OSCP, AZ‑500, SC‑100, CRTO, or equivalent • Experience in consulting, MSSP, or regulated enterprise environments • Familiarity with Microsoft Sentinel and Defender XDR telemetry • Experience aligning penetration testing findings to NIST AI RMF, NIST CSF, or MITRE ATT&CK Cloud Matrix • ## Competencies and Attributes • High degree of professional judgment and ethical responsibility • Strong written and verbal communication skills • Ability to operate independently within defined rules of engagement • Methodical and evidence‑driven testing approach • Strong attention to detail and risk prioritization • ## Working Conditions • This role may require participation in authorized testing windows, coordination across time zones, and occasional after‑hours testing based on client or organizational requirements. • This is a contractor position in the United States with the ability to work from home but may require travel to a client site.
Responsibilities
• Penetration Testing and Offensive Security • Conduct penetration tests against Azure and M365 environments, including but not limited to: • Azure AD and Entra ID identity and access configurations • Privileged role assignments and conditional access policies • Azure App Services, Function Apps, Storage Accounts, SQL, Key Vault, and API endpoints • Virtual networks, NSGs, private endpoints, service endpoints, and hybrid network integrations • Microsoft 365 services including Exchange Online, SharePoint Online, Teams, and OneDrive • Simulate real‑world attacker techniques, including credential theft, token abuse, privilege escalation, lateral movement, and persistence within Azure and M365 environments. • Validate security controls implemented across Defender for Cloud, Defender for Identity, Defender for Endpoint, and Sentinel detection pipelines. • Identity and Access Attack Scenarios • Assess identity attack surfaces including: • Service principals, managed identities, and application registrations • OAuth consent abuse and Graph API permission misuse • Legacy authentication exposure and password spraying susceptibility • Privileged Identity Management configuration gaps • Demonstrate practical attack paths that result in data access, privilege escalation, or persistent control. • Reporting and Documentation • Produce clear, professional penetration test reports that include: • Executive summaries suitable for leadership review • Reproducible technical findings with evidence and attack chains • Risk ratings aligned to organizational risk models • Remediation guidance mapped to Azure and Microsoft security best practices • Present findings directly to security leadership and technical stakeholders as required. • Collaboration and Advisory Support • Work closely with: • Security Operations teams to validate detection coverage • Cloud engineering teams to confirm remediation feasibility • GRC teams to align findings with compliance requirements such as SOC 2, ISO 27001, and NIST 800‑53 • Provide retesting and validation support following remediation efforts. • Continuous Improvement • Stay current on emerging Azure attack techniques, Microsoft security platform changes, and cloud exploitation research. • Contribute to internal penetration testing methodologies, tooling, and runbooks.
No credit card. Takes 10 seconds.