Microsoft's Artificial Intelligence Products Group (AI Products) is looking for a technical program manager with solid security chops to help evolve the security strategy across our online services and infrastructure. We support over 5000 engineers working on some of the most innovative products. We provide support for Microsoft's Bing search and cross-company platforms such as search, user personalization, targeted advertising and the big data platform.
The ideal candidate:
Can wear multiple security hats: engineer, architect, analyst, threat modeler and security risk advisor.
Can identify security flaws in software, complex multi-tiered cloud services, third-party connected services and mobile apps through deep threat modelling.
Is capable of providing prescriptive security guidance to engineering teams on security bug fixes.
Is able to collaborate with security teams across Microsoft to proactively identify security improvements, including those to address emerging threats and new technologies.
Has solid program management skills to drive wide-scale security incidents across teams to closure.
Has excellent interpersonal skills, and strong written and verbal communication skills.
Has a keen interest in researching new security technologies and performing cutting-edge research on new attacks.
BS degree in Computer Science or related engineering field is required.
6+ years professional experience in security development and engineering, security consulting, or network and/or application penetration testing.
Coding skills in one or more general purpose scripting languages.
3+ years of hands-on and strong experience with the Security Development Lifecycle (SDL) or in program management in large scale/high volume deployments.
Deep knowledge in common classes of software vulnerabilities such as XSS, CSRF, SQLi (OWASP Top 10), cryptographic attacks and beyond.
High enthusiasm, integrity, ingenuity, results-orientation, self-motivation, and resourcefulness in a fast-paced competitive environment.
Bonus points for published research or conference presentations.
Bonus points for deep knowledge in infrastructure and operational security.
Familiarity with C# .NET is highly recommended but not required.
Familiarity with Objective C, Swift and general iOS development practices.
Familiarity with Java and Android.
Knowledge about Azure technologies is preferred but not required.
Working knowledge of Windows and Linux internals.
Working knowledge of O365 services and APIs, but not required.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
Provide security guidance, specify app security controls, evaluate existing security controls, and host threat modelling exercises with teams responsible for new services, apps, features, APIs, devices and third-party connections.
Influence dev/ops leads and engineers to commit to deploy security controls to meet SDL compliance requirements.
Host threat modelling sessions with dev and engineers to determine where trust boundaries require additional security controls.
Specify new security controls needed to reduce risks identified from security reviews and threat modelling exercises or from security incidents, and specify these new controls as requirements to be added to the organization's SDL process.
Proactively research new technologies and make technology recommendations.
Define and document security guidance documents to instruct dev leads and engineers on how best to deploy new security controls.
Create and provide security technical training for developers and engineers.
Drive and cultivate a positive culture of security across the engineering teams.
Collaborate with corporate security teams to provide feedback into new requirements and provide engineering implications.
Work with our security tools team and product teams to identify, define and implement security controls and automation.