Senior Security Engineer

Security represents the most critical priority for customers in the world awash in digital threats, regulatory scrutiny, and technical complexity. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. 

The Azure AI Platform security team is seeking a Senior Security Engineer to help us safely usher in the next frontier in AI technology. If you have experience performing security assessments, penetration testing, threat modeling in cloud computing environments, and you are eager to secure the future of AI, we would love to speak with you! 

In this role, you'll partner with product engineering teams to assess the security of their services and ensure that we live up to our security promises. You'll plan and manage your own security engagements, from enumerating the attack surface, setting up a test environment, evaluating the design and testing the implementation for security deficiencies, and providing your findings and recommendations for remediation. As you discover systemic issues and anti-patterns, you will be empowered to propose and drive solutions that raise the security bar across multiple services by eliminating entire vulnerability classes. 

You should be comfortable reading and understanding code to analyze implementations for potential security vulnerabilities and inform your penetration testing. Familiarity with common web penetration testing tools such as Burp Suite or other intercepting proxies will be necessary. As you dive deep into a given service, you will examine all layers of the OSI stack for the service, ranging from the web UI, the API, the cloud environment, cluster orchestration, and Linux-based nodes and containers. You'll have the opportunity to amplify your impact by suggesting product improvements that provide customers with a paved path to security by default. 

Because of the breadth and depth of this role, we do not necessarily expect candidates to have deep experience in all relevant dimensions of the security stack, and security engineers new to the AI space are encouraged to apply. We seek well-rounded individuals, and we leverage each other as appropriate to create a well-rounded team. While technical fundamentals are important, the ability to navigate both technical and organizational ambiguity, go deep in unfamiliar domains, independently develop subject-matter expertise, and build trust with partner teams will be required to succeed in this role. 

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. 

In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day. 

Required/Minimum Qualifications:

• 5+ years experience in software development lifecycle, large scale computing, modeling, cybersecurity, anomaly detection
  • OR bachelor's degree in computer science, Cybersecurity, or related field
  • OR equivalent experience.
• 5+ years experience performing security assessments and penetration testing 
• 3+ years experience securing cloud computing environments
• 3+ years experience with one or more of C#, Python, Rust, or JavaScript, PowerShell 

Other Requirements

• Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check:
  • This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter

Security Assurance IC4 - The typical base pay range for this role across the U.S. is USD $117,200 - $229,200 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $153,600 - $250,200 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

Microsoft will accept applications for the role until October 25, 2024.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.  We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

#DSR #MSFTSecurity #SHPE24MSFT

• Use subject matter expertise to identify potential security issues, tools, mitigations, and processes (e.g., architecture, failure modes, attack chain, threat modeling, vulnerabilities). 
• Analyze complex issues using multiple data sources to identify security problems. 
• Create new solutions to mitigate security issues; Help to drive resolution for systemic security issues. 
• Effectively communicate security defects to stakeholders at various levels. 
• Work as an effective and inclusive team player, sharing and learning from others.  
• Other
  • Embody our culture and values