Azure Penetration Test Engineer

Atmosera empowers businesses to redefine what's possible with modern technology and human expertise. Our exceptional experience across Applications, Data & AI, DevOps, Security, and the Microsoft Azure platform enables organizations to accelerate innovation, enhance security, and optimize operational agility. As a Microsoft Partner with seven specializations, GitHub AI Partner of the Year, a member of the GitHub Advisory Board, and a member of the prestigious Microsoft Intelligent Security Association (MISA), Atmosera expertly delivers cutting-edge, integrated solutions that deliver business value.

Penetration Testing and Offensive Security

Conduct penetration tests against Azure and M365 environments, including but not limited to:

Azure AD and Entra ID identity and access configurations

Privileged role assignments and conditional access policies

Azure App Services, Function Apps, Storage Accounts, SQL, Key Vault, and API endpoints

Virtual networks, NSGs, private endpoints, service endpoints, and hybrid network integrations

Microsoft 365 services including Exchange Online, SharePoint Online, Teams, and OneDrive

Simulate real‑world attacker techniques, including credential theft, token abuse, privilege escalation, lateral movement, and persistence within Azure and M365 environments.

Validate security controls implemented across Defender for Cloud, Defender for Identity, Defender for Endpoint, and Sentinel detection pipelines.

Identity and Access Attack Scenarios

Assess identity attack surfaces including:

Service principals, managed identities, and application registrations

OAuth consent abuse and Graph API permission misuse

Legacy authentication exposure and password spraying susceptibility

Privileged Identity Management configuration gaps

Demonstrate practical attack paths that result in data access, privilege escalation, or persistent control.

Reporting and Documentation

Produce clear, professional penetration test reports that include:

Executive summaries suitable for leadership review

Reproducible technical findings with evidence and attack chains

Risk ratings aligned to organizational risk models

Remediation guidance mapped to Azure and Microsoft security best practices

Present findings directly to security leadership and technical stakeholders as required.

Collaboration and Advisory Support

Work closely with:

Security Operations teams to validate detection coverage

Cloud engineering teams to confirm remediation feasibility

GRC teams to align findings with compliance requirements such as SOC 2, ISO 27001, and NIST 800‑53

Provide retesting and validation support following remediation efforts.

Continuous Improvement

Stay current on emerging Azure attack techniques, Microsoft security platform changes, and cloud exploitation research.

Contribute to internal penetration testing methodologies, tooling, and runbooks.

Minimum 5 years of professional penetration testing or offensive security experience

Strong hands‑on experience testing Microsoft Azure and Microsoft 365 environments

Deep understanding of Azure AD and Entra ID security models

Proficiency with common penetration testing tools and techniques, including PowerShell, Azure CLI, Graph API, and cloud‑specific testing frameworks

Strong knowledge of networking fundamentals, identity protocols, and authentication flows

Demonstrated ability to write high‑quality technical and executive‑level reports

Relevant certifications such as OSCP, AZ‑500, SC‑100, CRTO, or equivalent

Experience in consulting, MSSP, or regulated enterprise environments

Familiarity with Microsoft Sentinel and Defender XDR telemetry

Experience aligning penetration testing findings to NIST AI RMF, NIST CSF, or MITRE ATT&CK Cloud Matrix

High degree of professional judgment and ethical responsibility

Strong written and verbal communication skills

Ability to operate independently within defined rules of engagement

Methodical and evidence‑driven testing approach

Strong attention to detail and risk prioritization