Work in Washington Veterans Jobs

Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.

Microsoft Azure is at the center of Microsoft’s cloud services strategy and the future of Microsoft. Azure brings together virtualization, compute, storage, authentication, authorization, artificial intelligence and machine learning, media and more to enable anyone to bring their business into the cloud. Azure DevSec , a part of the Microsoft Security organization, ensures Azure is the most secure platform in the world and delivers a secure experience for millions of users worldwide. The DevSec team is looking for a motivated Senior Security Software Engineer , to work on proactive security assessments and mitigation of vulnerabilities in Azure services.

In this role, you will partner with engineering teams, understand and analyze cloud service architecture from a security standpoint, perform deep security assessments to identify and mitigate critical vulnerabilities in Azure services. Are you passionate about finding vulnerabilities in complex services and applications that power the Azure cloud? Are you passionate about keeping customers safe and building secure-by-default mitigations to protect customers? If all this sounds interesting, you should talk to us. The ideal candidate will have deep technical expertise in one or more areas related to security architecture, penetration testing, network security, operating systems or web security. In addition, this position requires candidates to demonstrate technical curiosity, ability to review code, implement tools and automation as required, effective communication and collaboration to solve challenging security problems.

This role is located in Redmond, WA. Relocation support will be provided, and successful candidates must ​relocate or reside within 50 miles of the office location. This role is eligible for hybrid or remote work, up to 50%.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

Responsibilities

• Take a lead role in driving security reviews involving a combination of architecture reviews, threat modeling and penetration testing

• Effective collaboration with cross-functional teams to identify and help mitigate vulnerabilities in Azure core services.

• Act as a subject matter expert to provide consultation for security incidents as required and mentor other members of the team.

• Exercise technical curiosity and partner across security disciplines to help address security issues, patterns, and trends.

• Contribute to new and existing security tooling and automation to scale vulnerability discovery and mitigate classes of attacks.

Qualifications

Required Qualifications:

• 5+ years experience identifying security vulnerabilities, software development lifecycle, large-scale computing, threat modeling and security architecture

• OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field

• OR equivalent experience.

• 3+ years experience regarding multiple classes of vulnerabilities, including cross-site scripting, buffer overflows, SQL injection, TOCTOU (Time of Check Time Of Use) vulnerabilities, cryptographic weaknesses, insecure direct object references, and others, and the ability to communicate about them to technical and non-technical audiences.

• 3+ years experience reviewing code across common programming languages (C#, Rust, Python, Java, Go, C++) to identify vulnerabilities and provide mitigations

Other Requirements:

• Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Preferred Qualifications:

• Leadership, empathy, interpersonal and communication skills

• 3+ years experience writing code across common programming languages (C#, Rust, Python, Java, Go, C++) building automation to mitigate vulnerabilities

• 6+ years experience in identifying security vulnerabilities, software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection

• OR Master's/PhD Degree in Statistics, Mathematics, Computer Science or related field.

Security Assurance IC4 - The typical base pay range for this role across the U.S. is USD $117,200 - $229,200 per year.

There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $153,600 - $250,200 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

Microsoft will accept applications and processes offers for these roles on an ongoing basis.

#DevSec #AzureSecurity #MSFTSecurity

Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations (https://careers.microsoft.com/v2/global/en/accessibility.html) .