Microsoft

Principal Security Engineer

US
USD 137k - 294k
Azure C++ C# Assembly Rust Python
This job is closed! Check out or
Description

Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.

 

Are you driven by a hacker mindset and ardent about enhancing the security of hardware, firmware, and low-level components? If so, this job opportunity is tailored for you!

 

Azure Hardware and Firmware DevSec team is currently in search of a Principal Security Engineer with expertise in hardware, firmware, and related low-level components.

 

As a member of the HW/FW Security team within the Azure Security organization, you will have an opportunity to shape the landscape of platform security. This involves conducting security reviews such as threat modeling, design and code assessments for both Microsoft and third-party HW/FW solutions, penetration testing, vulnerability analysis, devising solutions to address identified vulnerabilities, and providing guidance to teams on securely building hardware, firmware, and related components.

 

We are seeking a detail-oriented, self-motivated engineer with exceptional communication skills who revels in delving into the security intricacies of various low-level components, including motherboard peripherals, network communication, disk controllers, and hypervisors. In this role, you will collaborate closely with other Security Engineers,

 

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.


In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

Required Qualifications:

  • Bachelor's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field
    • OR 7+ years experience in software development lifecycle, large scale computing, modeling, cyber security, anomaly detection
    • OR equivalent experience.

Other Requirements:

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: 

 

      • Microsoft Cloud Background Check. This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Preferred Qualifications: 

    • OR Master's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field.
    • OR equivalent experience. Certified Information Systems Security Professional (CISSP) Certification, Security+ Certification, or relevant certification. 
  • 6+ years experience in software/firmware/hardware development lifecycle, large scale computing, modeling, cyber security
    • OR Master's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field OR equivalent experience.
  • Profound understanding of server platform buses and peripherals, complemented by hands-on experience in conducting security analyses of peripherals.
  • Proficiency in hardware description languages (HDL) and RTL, coupled with hands-on experience in conducting security reviews of hardware design.
  • Deep and broad understanding of security vulnerabilities and attacks (Hardware, Software, Network, and People) and ability to apply them or find new ones based on new technology being developed.
  • Experienced coding skills in one or more popular languages and platforms, including C/C++, C#, assembly, Rust, Python, and others, and the ability to pick up new platforms quickly.
  • Detailed understanding of encryption, low-level networking protocols, operating systems including Linux and Windows. 

Security Assurance IC5 - The typical base pay range for this role across the U.S. is USD $137,600 - $267,000 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $180,400 - $294,000 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay


Microsoft will accept applications for the role until December 8, 2024.

 

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.  We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

 

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

 

#Firmware #Hardware #MSFTSecurity #SHPE24MSFT

  • Threat Modeling / Security Assessments: Utilizing research and expertise to conduct threat modeling and security assessments of Azure HW/FW solutions, and cloud infrastructure. Your objective is to prioritize areas of security risk, identifying and addressing security defects that may impact on Azure's capacity to safeguard against, detect, investigate, and recover from security incidents.
  • Security Reviews: Prioritize the highest risk features within Azure and perform comprehensive reviews of their design, source code, or final product to identify security defects. Utilize existing tools or develop new ones, such as static/dynamic analysis tools, to enhance efficiency and quality of work. Take the lead in addressing identified security flaws and implementing proactive security hardening measures to mitigate future exploitable vulnerabilities.
  • Driving Security: Collaborate with cloud server and in-rack devices hardware ecosystem partner to establish security solutions and requirements, identify critical threats, and develop agreed plans for remedial actions. Collaborate with Microsoft Hardware Engineering teams from the early stages of product development to guarantee the security of Azure hardware platforms.
  • Contributing to Policies: Engage with cross-company teams and industry partners to ensure that our insights are effectively integrated into development policies, standards, and practices. Aim to continuously elevate the security standards by fostering a growth mindset and implementing best practices.
  • Emerging Threat Research: Stay at the forefront of emerging threats impacting cloud services by conducting research on externally identified vulnerabilities and proactively investigating security risks associated with the technologies utilized by Azure and our customers.
  • Communication & Presentation: Be an competent in security and be available to answer questions and give guidance on addressing security defects. Present team findings through white papers and security assessment reports. Work with the other teams to define and adopt new best practices for secure development and operations.
  • Embody our Culture and Values 
Microsoft
Microsoft
Data Management Developer Tools DevOps Enterprise Software Operating Systems

0 applies

4 views

Other Jobs from Microsoft

Senior Data Scientist

Bengaluru, India

Software Engineer II

Hyderabad, India

Research Intern - Bioinformatics

Redmond, WA Cambridge, MA

Senior Physical Design Engineer

Hyderabad, India Bengaluru, India

There are more than 50,000 engineering jobs:

Subscribe to membership and unlock all jobs

Engineering Jobs

60,000+ jobs from 4,500+ well-funded companies

Updated Daily

New jobs are added every day as companies post them

Refined Search

Use filters like skill, location, etc to narrow results

Become a member

🥳🥳🥳 401 happy customers and counting...

Overall, over 80% of customers chose to renew their subscriptions after the initial sign-up.

To try it out

For active job seekers

For those who are passive looking

Cancel anytime

Frequently Asked Questions

  • We prioritize job seekers as our customers, unlike bigger job sites, by charging a small fee to provide them with curated access to the best companies and up-to-date jobs. This focus allows us to deliver a more personalized and effective job search experience.
  • We've got about 70,000 jobs from 5,000 vetted companies. No fake or sleazy jobs here!
  • We aggregate jobs from 5,000+ companies' career pages, so you can be sure that you're getting the most up-to-date and relevant jobs.
  • We're the only job board *for* software engineers, *by* software engineers… in case you needed a reminder! We add thousands of new jobs daily and offer powerful search filters just for you. 🛠️
  • Every single hour! We add 2,000-3,000 new jobs daily, so you'll always have fresh opportunities. 🚀
  • Typically, job searches take 3-6 months. EchoJobs helps you spend more time applying and less time hunting. 🎯
  • Check daily! We're always updating with new jobs. Set up job alerts for even quicker access. 📅

What Fellow Engineers Say