Senior Security Engineer

Redmond, WA
Permanent
Full-time

24 days ago

The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world.We are looking for a reliable and collaborative Senior Security Engineer with excellent judgment and a well-rounded background in security and software engineering to help tackle complex security challenges in Azure through a data - and product-driven lens. In this role, you will advance security by working with other Security Engineers, Program and Product Managers, Developers, and business leaders throughout Microsoft to turn individual findings and vulnerabilities into patterns and insights that can be measured and managed through engineering, automation, and other appropriate mitigations. You will provide technical security leadership both inside and outside of Microsoft and stay on top of current developments for the benefit of Microsoft products and services.This is a US-based role and a flexible work opportunity that can be fully remote, hybrid, or full-time onsite.Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.Responsibilities:Vulnerability discovery, variant hunting, and penetration testing: Using the best available and most appropriate methodologies - such as threat modeling, penetration testing, security design analysis, fuzzing, SAST and DAST - you will conduct in-depth assessments of selected target systems in detail to identify vulnerabilities and weaknesses. You'll also perform variant hunting looking for larger patterns, conduct qualitative and quantitative analysis over those patterns, and drive solutions upstream in a data-driven, shift-left fashion.
Solution design and delivery: You will help design solutions for security problems, partner with service teams and other security stakeholders to ensure rapid adoption of solutions and mitigation of threats from beginning to end.
Threat modeling / Architecture reviews: You will review the design of services from a security perspective to identify vulnerabilities and weaknesses in the architecture, make appropriate recommendations, and guide teams to implement those recommendations.
Software Development: You will prototype and create tools and scanners to automate the discovery and prevention of vulnerabilities across Azure services.
Follow through and closure: You will partner with engineers, product and program managers, and leaders around the company to ensure the successful completion of work to address your findings.Other : Embody our andQualifications:Required Qualifications:Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in security or related fieldOR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in security or related fieldOR equivalent experience.3+ years of experience in identifying security vulnerabilities, software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection.3+ years of experience in a hands-on security role, with demonstrable software engineering skills.3+ years of demonstrated coding skills in one or more popular languages and platforms - such as C#, Java, C++, JavaScript/Typescript, SQL, assembly, Ruby, Python, GoLang.3+ years of technical experience with multiple classes of vulnerabilities - such as cross-site scripting, buffer overflows, SQL injection, TOCTOU (Time of Check Time of Use) vulnerabilities, crypt ographic weaknesses, insecure direct object references.Preferred Qualifications:Bachelor's Degree in Statistics, Mathematics, Computer Science. Engineering, or related field AND 8+ years experience in security or related fieldOR Master's Degree in Statistics, Mathematics, Computer Science, Engineering or related field AND 6+ years experience in security or related field
OR equivalent experience.Experience in technical disciplines outside the security space, including general softwaredevelopment, networking, database management, big data and full-stack development.Demonstrated knowledge and understanding of Microsoft Azure or competing cloud services.Ability to pick up new languages, platforms, and frameworks platforms quickly.Ability to communicate about them to technical and non-technical audiences.Penetration Testing IC4 - The typical base pay range for this role across the U.S. is USD $119,800 - $234,700 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $158,400 - $258,000 per year.Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:Microsoft will accept applications for the role until August 21, 2024.#DevSec #VariantHunting #PenTestingMicrosoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the .

Microsoft

Apply Now