Work in Washington Veterans Jobs

Security is foundational to all product and service offerings from Microsoft. We need an experienced security professional with a deep-rooted passion in identifying security issues before they impact millions of users.

The Bing Offensive Security Team is part of Microsoft AI and leads offensive security operations, especially code reviews, Penetration Testing and variant hunting across services with globally distributed engineering teams.

Our team is looking for a Senior Security Technical Program Manager, who will help shape the offensive security program to consistently apply offensive tactics and remediation measures that improve both our security engagements as well as tooling. This position offers an unparalleled experience in utilizing technical expertise from penetration testing and security to solve operational problems and problems of scale across teams.

The candidate should possess experience with online services and penetration testing (including code audits, SAST/DAST, and critical thinking) and have a solid grasp of service security fundamentals, proficient computer science skills, and committed security program management skills.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees, we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

Responsibilities

• Identify and help remediate vulnerabilities in Microsoft AI products utilizing code reviews, offensive security assessments, design reviews and driving penetration testing engagements.

• Utilize comprehensive and up-to-date knowledge of security to design innovative protections.

• Work closely with product teams to enhance security measures and clearly communicate the business benefits of security testing.

• Help define a clear vision and roadmap for the team’s responsibilities and scope, identifying opportunities for innovative tactics and scalable variant hunts.

• Partner with teams outside Microsoft AI to leverage and contribute to product security practices as well as Secure SDLC.

• Help define objectives and key results (OKRs) to track progress against goals, iterating and optimizing as necessary.

• Embody our culture (https://careers.microsoft.com/v2/global/en/culture) and values (https://www.microsoft.com/en-us/about/corporate-values)

Qualifications

Required Qualifications

• Bachelor's Degree AND 4+ years experience in engineering, product/technical program management, data analysis, or product development

• OR equivalent experience.

• 2+ years experience managing cross-functional and/or cross-team projects.

• 4+ years of experience with Security threat modeling.

• 4+ years of experience conducting security assessments on Web Applications, Mobile Applications, and Cloud Services running on variety of operating systems including containers.

Preferred Qualifications

• 2+ years of experience driving penetration testing or Red Team engagement

• 1+ year(s) experience reading and/or writing code (e.g., sample documentation, product demos).

• Experience in cybersecurity assurance and program management, preferably including online service development.

• Knowledge of and the ability to carry out the process of planning, organizing, and managing tasks and resources to accomplish a well-defined objective.

• Experience with defining and tracking OKRs and KPIs to measure program performance.

• Proficient communication and collaboration skills, with the ability to effectively interact with stakeholders at all levels of the organization.

• Experience with application security standards such as OWASP ASVS/Top 10, CWE 25.

• Experience with common security libraries, security controls, and common security flaws.

• Outstanding collaboration and partnership skills, with proven ability to drive results across teams.

• Coding skills in one or more general purpose scripting languages.

• Familiarity with web proxies such as Burp, OWASP ZAP or Fiddler.

• Familiarity with using Offensive Security distributions such as Kali, BlackArch and BackBox.

• Development or scripting experience. PowerShell, Bash, Rust, Go, GraphQL, REST.

• Demonstrated experience in successfully designing, delivering, and iterating on complex projects with a diverse set of stakeholders.

Technical Program Management IC4 - The typical base pay range for this role across the U.S. is USD $117,200 - $229,200 per year.

There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $153,600 - $250,200 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

Microsoft will accept applications for the role until September 13, 2024.

#Search# #MAI# #BingFundamentals# #Security# #Penetration Testing# #Pen Test#

Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations (https://careers.microsoft.com/v2/global/en/accessibility.html) .