INTERNSHIP DETAILS

Security Research Intern

CompanyMicrosoft
LocationIsrael
Work ModeOn Site
PostedJuly 5, 2026
Internship Information
Core Responsibilities
The intern will identify vulnerabilities in next-generation cloud platforms and improve security telemetry and logging to detect sophisticated attacks. They will analyze nation-state attack patterns and collaborate with engineering teams to integrate protection logic into production code.
Internship Type
full time
Company Size
233715
Visa Sponsorship
No
Language
English
Working Hours
40 hours
Apply Now →

You'll be redirected to
the company's application page

About The Company
Every company has a mission. What's ours? To empower every person and every organization to achieve more. We believe technology can and should be a force for good and that meaningful innovation contributes to a brighter world in the future and today. Our culture doesn’t just encourage curiosity; it embraces it. Each day we make progress together by showing up as our authentic selves. We show up with a learn-it-all mentality. We show up cheering on others, knowing their success doesn't diminish our own. We show up every day open to learning our own biases, changing our behavior, and inviting in differences. Because impact matters. Microsoft operates in 190 countries and is made up of approximately 228,000 passionate employees worldwide.
About the Role
Overview

The Microsoft Specialized Clouds Vulnerability Research team (STORM) is seeking a Security Research Intern to help strengthen the security visibility of Microsoft’s next-generation cloud platforms. STORM is an offensive security research group focused on identifying vulnerabilities across cutting-edge cloud technologies. As part of our growing Blue Team research efforts, this role will contribute to improving the telemetry, logging, and audit capabilities needed to detect sophisticated attacks. Working alongside security researchers, architects, and engineering teams, you will review products during development, identify gaps in security visibility, and help ensure security monitoring capabilities are built in before products reach customers.This hands-on internship offers significant ownership, mentorship from senior researchers, and exposure to technologies that are not yet publicly available. You will analyze product architectures and threat models, assess and improve security telemetry, validate detection coverage for real-world vulnerabilities, develop automation and hunting capabilities, and collaborate closely with engineering teams to integrate security visibility throughout the product lifecycle. Along the way, you will gain practical experience in cloud security research, detection engineering, threat hunting, telemetry design, distributed systems, Kubernetes security, platform security, and AI-assisted security workflows, while directly contributing to the security of Microsoft’s Sovereign Cloud and Adaptive Cloud platforms.



Responsibilities
  • Investigate real-world nation state attacks to support the development of high-fidelity protection logic across complex cross-domain kill-chains. 

  • Apply security expertise to analyze massive telemetry sets using big-data query languages (KQL), reasoning over data to identify novel malicious patterns and engineer evidence-based detection rules. 

  • Contribute to the implementation and coding of automated capabilities that autonomously investigate nation state threats, using AI assisted tooling and agentic flows.  

  • Assist in the refinement of protection coverage by analyzing real-world attack telemetry to improve the accuracy and performance of existing detection logics. 

  • Contribute to a strategic feedback loop by documenting findings from attack data analysis to improve overall protection logic and system-wide security posture. 

  • Partner with engineering and product teams to translate research insights into production-ready code, helping to validate protection concepts and ship them at a global scale. 



Qualifications

Qualifications 

Required 

  • Currently pursuing a B.Sc., M.Sc., or Ph.D. in Computer Science, Computer Engineering, Cybersecurity, or a related technical field, with at least one year remaining before graduation. 

  • Solid understanding of computer science fundamentals, including operating systems, networking, software engineering, and distributed systems concepts. 

  • Experience developing software or automation in one or more modern programming languages (e.g., Python, C#, Go, Java, or C/C++). 

  • Strong analytical and problem-solving skills, with the ability to investigate complex technical systems and identify root causes. 

  • Self-motivated learner who can work independently while collaborating effectively with researchers, security engineers, and product teams. 

Preferred 

  • Interest in cloud security, threat hunting, detection engineering, incident response, or Blue Team security research. 

  • Experience analyzing large datasets, logs, telemetry, or security events to identify anomalies and security-relevant patterns. 

  • Familiarity with cloud platforms, Kubernetes, containers, or modern distributed systems architectures. 

  • Understanding of operating system and networking fundamentals, including Windows or Linux internals, authentication, protocols, and security controls. 

  • Experience building automation, security tooling, or using AI-assisted workflows to improve investigations, analysis, or security operations. 

  • Demonstrated passion for security through personal research projects, Capture-the-Flag (CTF) competitions, vulnerability research, open-source contributions, or related activities. 


This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.




Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.

Key Skills
Cloud SecurityThreat HuntingDetection EngineeringKQLPythonC#GoJavaC/C++KubernetesDistributed SystemsTelemetry DesignVulnerability ResearchOperating SystemsNetworkingAI-assisted Security
Categories
Security & SafetyTechnologySoftwareEngineeringScience & Research