Senior Security Engineer

Microsoft Corporation Bellevue , WA 98009

Posted 2 months ago

Microsoft's Artificial Intelligence Products Group (AI Products) is looking for a technical program manager with solid security chops to help evolve the security strategy across our online services and infrastructure. We support over 5000 engineers working on some of the most innovative products. We provide support for Microsoft's Bing search and cross company platforms such as search, user personalization, targeted advertising and big data platform.

The ideal candidate:

  • Can wear multiple security hats: engineer, architect, analyst, threat modeler and security risk advisor.

  • Can identify security flaws in software, complex multi-tiered cloud services, third-party connected services, mobile apps through deep threat modelling.

  • Is capable of providing prescriptive security guidance to engineering teams on security bug fixes.

  • Is able to collaborate with security teams across Microsoft to proactively identify security improvements, including those to address emerging threats and new technologies.

  • Has solid program management skills to drive wide-scale security incidents across teams to closure.

  • Excellent interpersonal skills, and strong written and verbal communication skills.

  • Has keen interest in researching new security technologies and perform cutting-edge research on new attacks.

Basic Qualifications

  • BS degree in Computer Science or related engineering field is required

  • 6+ years professional experience in security development and engineering, security consulting, or network and/or application penetration testing.

  • Coding skills in one or more general purpose scripting languages.

  • 3+ years of hands-on and strong experience with the Security Development Lifecycle (SDL) or in program management in large scale/high volume deployments.

  • Deep knowledge in common classes of software vulnerabilities such as XSS, CSRF, SQLi (OWASP Top 10), cryptographic attacks and beyond.

  • High enthusiasm, integrity, ingenuity, results-orientation, self-motivation, and resourcefulness in a fast-paced competitive environment.

  • Bonus points for published research or conference presentations.

  • Bonus points for deep knowledge in infrastructure and operational security.

Technologies:

  • Familiarity with C# .NET is highly recommended but not required.

  • Familiarity with Objective C, Swift and general iOS development practices.

  • Familiarity with Java and Android.

  • Knowledge about Azure technologies is preferred but not required.

  • Working knowledge of Windows and Linux internals.

  • Working knowledge of O365 services and API's but not required.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

  • Provide security guidance, specify app security controls, evaluate existing security controls, host threat modelling exercises with teams responsible for new services, apps, features, API's, devices and third party connections.

  • Influence dev/ops leads and engineers to commit to deploy security controls to meet SDL compliance requirements.

  • Host threat modelling sessions with dev and engineers to determine where trust boundaries require additional security controls.

  • Specify new security controls needed to reduce risks identified from security reviews and threat modelling exercises or from security incidents, and specify these new controls as requirements to be added the organization's SDL process.

  • Proactively research new technologies, make technology recommendations.

  • Define and document security guidance documents to instruct dev leads and engineers on how best to deploy new security controls.

  • Create and provide security technical training for developers and engineers.

  • Drive and cultivate a positive culture of security across the engineering teams.

  • Collaborate with corporate security teams to provide feedback into new requirements and provide engineering implications.

  • Work with our security tools team and product teams to identify, define and implement security controls and automation.

upload resume icon
See if you are a match!

See how well your resume matches up to this job - upload your resume now.

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Senior Security Engineer

REI

Posted 4 days ago

VIEW JOBS 1/15/2019 12:00:00 AM 2019-04-15T00:00 Posted Date: Jan-14-2019 Job ID: 13028 Job Type: Full Time Job Function: Information Technology City: Bellevue State: Washington Store: Eastgate Headquarters What's cool about this job This job contributes to REI's success by maintaining the confidentiality, integrity and availability of information assets by conducting active security testing across all REI application and infrastructure elements. * Leads the design and implementation of workflows, procedures, and data collection points for security services * Leads the design and implementation of secure software testing technologies * Leads the design and implementation of an adaptive and advanced threat identification and remediation programs * Documents and tracks security defects from discovery to remediation. • Maintains relevancy by researching modern attacker tactics, tools, procedures, and exploits (TTPE) * Actively engages cross-divisional teams and builds relationships with key contributors/communicators to effectively execute the Security Program goals * Monitors advancements in software development, testing automation, and technology to insure the program accommodate future efforts * Works on highly complex tasks or project assignments to analyze, design, develop, implement, document and maintain security systems and solutions * Acts as a source for direction, training and guidance for less experienced staff * Provides technical guidance to the design and implementation of policies for all aspects of information security across the enterprise * Ensures security technologies align with overall strategic plan; minimizing redundancy while maximizing effectiveness * Creates security escalation procedures and respond to escalated events * Implement all changes to security infrastructure in accordance with standard procedures and change control policies and procedures * Ensures security program is compliant with regulatory, statutory and internal policies * Mentor other security engineers and analysts on security best practices Bring your passion and expertise * Bachelor's degree in computer science, math, or engineering, or equivalent training and experience * 10+ years related experience or equivalent industry knowledge * Experience must be supported by relevant certification, such as, GWAPT, GIAC, GWEB, GPEN, etc * 5+ years experience developing and maintaining a vulnerability management, pen-testing, or application security focused program * Experience with mobile forensic techniques used to determine local value storage * Experience reverse engineering applications or binaries, identifying exploits, and formulating exploit delivery systems * Knowledge of Microsoft Active Directory operation and structure. Engineering level experience with Windows, Linux, Cisco IOS, iOS, OSX, Free/Open BSD, Solaris, Apache, Jboss, Jenkins, Jira, Kibana, Logstash, NoSQL, MySQL, * Experience with the following tools: Burp Suite Pro, OWASP ZAP, Nessus, Metasploit Framework, IDA Pro, Olly Debug, Orca, Nikto, Nmap, Veil, Eclipse, Netbeans * Able to explain advanced and complicated exploits or attack methods to both non-technical, engineering, and development staff. * Ability to mentor team members and to create effective application security awareness training materials for developer and engineer training sessions * Solid networking experience and understanding of network architecture and protocols * Understands Network Security, Environment segregation, Firewall design, VPN, access control, application and threat management * Experience with file integrity and host hardening techniques and resources * Host and System Log aggregation, correlation and compromise detection * Experience with D/DoS prevention and mitigation * Extensive experience designing, managing and leveraging security incident and event management (SIEM) systems * Ability to participate in on-call rotation for 24x7 service requirement * Ability to create executive report * Actively participates and collaborates with others on one's own team and across REI for the achievement of business goals * Flexible in one's viewpoints and positions in order to support the direction taken by others at REI * Uses business knowledge, innovative thinking, and sound judgment in the solution of problems or the pursuit of business opportunities. Why you'll love it here We're a passionate community of people who believe in one simple truth: an outdoor life is a life well-lived. REI is a co-op, born in the mountains of the Pacific Northwest in 1938. We're here to help our over 6 million active members have amazing experiences outside—and do the same ourselves. Bring your creativity, customer focus and enthusiasm for living life outdoors—we can't wait to meet you! At REI we offer an enviable work environment that has been recognized on the "100 Best Companies to Work For" list since the award's inception – 20 years in a row! Sure, we work hard, but it's balanced with time off to play—a strategy that works for us as we continue to grow and thrive. Want to enjoy a workplace where you can be yourself, be heard and be respected while having a job that challenges you? This is the place. With more than 140 retail locations (and growing), REI offers unique competitive benefits to its more than 12,000 employees, including healthcare, gear and apparel discounts, free equipment rentals and challenge grants to help employees reach personal outdoor goals, generous retirement plan contributions, public transit subsidy, adoptions assistance, paid sabbaticals, and more. REI is an Equal Opportunity Employer REI Bellevue WA

Senior Security Engineer

Microsoft Corporation