Senior Security Software Engineer

Share job

Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate.

Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. We are looking for a reliable and diligent security engineer with excellent judgment and a strong track record in security and software engineering, who can bring his or her experience to help drive solutions for the most challenging security problems in Azure through a data-driven, product-driven lens In this role, you will advance security by working with other Security Engineers, Program and Product Managers, and Developers, as well as business leaders throughout Microsoft to turn individual findings and vulnerabilities into patterns and insights that can be measured and managed through engineering, automation, and other appropriate mitigations.

You will provide technical security leadership, inside and outside of Microsoft and stay on top of current developments for the benefit of Microsoft products and services. Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

• Strong leadership, empathy, and interpersonal skills.
• Bachelor of Science in Computer Science, Mathematics, Engineering or equivalent experience or education
• 8+ years’ experience in a hands-on security role, with demonstrable software engineering skills
• Expert level knowledge regarding multiple classes of vulnerabilities, including cross-site scripting, buffer overflows, SQL injection, TOCTOU (Time of Check Time of Use) vulnerabilities, cryptographic weaknesses, insecure direct object references, and others, and the ability to communicate about them to technical and non-technical audiences
• Demonstrated coding skills in one or more popular languages and platforms, including C#, Java, C++, JavaScript/Typescript, SQL, assembly, Ruby, Python, GoLang, and others, and the ability to pick up new languages, platforms, and frameworks platforms quickly
• Demonstrated knowledge and understanding of Microsoft Azure or competing cloud services.

• Vulnerability discovery and variant hunting: Using the best available and most appropriate methodologies, including threat modeling, penetration testing, security design analysis, fuzzing, SAST and DAST, etc., you will examine chosen target systems in detail, looking for vulnerabilities and weaknesses, perform variant hunting looking for larger patterns, conduct qualitative and quantitative analysis over those patterns, and drive solutions upstream in a data-driven, shift-left fashion.
• Solution design and delivery: You will help design solutions for security problems, partner with service teams and other security stakeholders to ensure rapid adoption of solutions and mitigation of threats from beginning to end.
• Threat modeling / Architecture reviews: You will review the design of services from a security perspective to identify vulnerabilities and weaknesses in the architecture, make appropriate recommendations, and guide teams to implement those recommendations.
• Follow through and closure. You will partner with engineers, product and program managers, and leaders around the company to ensure the successful completion of work to address your findings.
• Software Development – You will prototype and create tools and scanners to automate the discovery and prevention of vulnerabilities across Azure services