Microsoft

Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.

We are looking for a reliable and collaborative Senior Security Engineer with excellent judgment and a well-rounded background in security and software engineering to help tackle complex security challenges in Azure through a data - and product-driven lens. In this role, you will advance security by working with other Security Engineers, Program and Product Managers, Developers, and business leaders throughout Microsoft to turn individual findings and vulnerabilities into patterns and insights that can be measured and managed through engineering, automation, and other appropriate mitigations. You will provide technical security leadership both inside and outside of Microsoft and stay on top of current developments for the benefit of Microsoft products and services.

This is a US-based role and a flexible work opportunity that can be fully remote, hybrid, or full-time onsite.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

• Vulnerability discovery, variant hunting, and penetration testing: Using the best available and most appropriate methodologies - such as threat modeling, penetration testing, security design analysis, fuzzing, SAST and DAST - you will conduct in-depth assessments of selected target systems in detail to identify vulnerabilities and weaknesses. You'll also perform variant hunting looking for larger patterns, conduct qualitative and quantitative analysis over those patterns, and drive solutions upstream in a data-driven, shift-left fashion.
• Solution design and delivery: You will help design solutions for security problems, partner with service teams and other security stakeholders to ensure rapid adoption of solutions and mitigation of threats from beginning to end.
• Threat modeling / Architecture reviews: You will review the design of services from a security perspective to identify vulnerabilities and weaknesses in the architecture, make appropriate recommendations, and guide teams to implement those recommendations.
• Software Development: You will prototype and create tools and scanners to automate the discovery and prevention of vulnerabilities across Azure services.
• Follow through and closure: You will partner with engineers, product and program managers, and leaders around the company to ensure the successful completion of work to address your findings.

Other

• Embody our culture and values

Required Qualifications:

• Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in security or related field
  • OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in security or related field
  • OR equivalent experience
• 4+ years of experience in identifying security vulnerabilities, software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection
• 4+ years of experience in a hands-on security role, with demonstrable software engineering skills
• 4+ years of demonstrated coding skills in one or more popular languages and platforms - such as C#, Java, C++, JavaScript/Typescript, SQL, assembly, Ruby, Python, GoLang - and the ability to pick up new languages, platforms, and frameworks platforms quickly
• 4+ years of technical experience with multiple classes of vulnerabilities - such as cross-site scripting, buffer overflows, SQL injection, TOCTOU (Time of Check Time of Use) vulnerabilities, cryptographic weaknesses, insecure direct object references - and the ability to communicate about them to technical and non-technical audiences

Other Requirements:

• Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings:
  • Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Preferred Qualifications:

• Bachelor's Degree in Statistics, Mathematics, Computer Science. Engineering, or related field AND 8+ years experience in security or related field
  • OR Master's Degree in Statistics, Mathematics, Computer Science, Engineering or related field AND 6+ years experience in security or related field
  • OR equivalent experience
• Experience in technical disciplines outside the security space, including general software development, networking, database management, big data and full-stack development
• Demonstrated knowledge and understanding of Microsoft Azure or competing cloud services

Penetration Testing IC4 - The typical base pay range for this role across the U.S. is USD $119,800 - $234,700 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $158,400 - $258,000 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

Microsoft will accept applications for the role until July 14, 2025

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

#DevSec #VariantHunting #PenTesting