Software Engineer - Security

Do you have a passion for security? Do you like to find bugs in software? Have you ever wanted to build and run fuzzers that scale to thousands of cores? Why not become part of team dedicated to keeping the web safe! 

The Microsoft Edge security team is responsible for securing Edge’s client code running on millions of devices worldwide. We work with developers to ensure features are designed with security in mind, we identify bugs before hackers do, and we respond to security incidents if they occur. We also work with industry partners to contribute security improvements to the open-source Chromium project to make the web safer for everyone. 

Edge security is divided into two sister teams: Vulnerability Research and Security Operations. We are hiring for both, and successful applicants will be placed into the team which best fits their skills and interests. 

We are looking for engineers with knowledge and experience in the field of computer security and a passion to learn, underpinned by a deep understanding of computer science. We are looking for individuals with skill sets applicable to either or both teams. 

Vulnerability Research: some of the skills that we are looking for are native app security (memory corruption, exploit mitigations, logic issues, etc.), web application security (exploitation techniques such as XSS, mitigations such as CSP, etc.), code auditing, fuzzer development, application of cryptography, and exploit development. 

Security Operations: the desired skills in this team are application development in C/C++ and Python, the ability to build and scale services and web applications on Microsoft Azure, fuzzer development (for example using libfuzzer or AFL++), research and tooling for code analysis at scale. 

Most of all we are looking for individuals who care deeply about keeping Microsoft customers safe from malicious actors. 

Basic Qualifications: 

• B.S., Computer Science or equivalent work experience or degree 

Required Experience: 

• 2+ years of experience in a relevant professional development or security-focused role 
• Some of which must be specialising in security. 
• Competence in writing at least two of C/C++, JavaScript, and Python 

The following additional experiences are favourable, but not requirements:  

• Public track record of relevant security research along with relevant CVEs if available, especially around browser vulnerability discovery. 
• Development and deployment of fuzz testing software. 
• Experience with basic exploit development. 

Keywords 

//edgejobs 

#edgejobs 

#epicindia 

#edgeindia 

#E+DIndia 

#ewdindia 

#webxtindia 

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

Vulnerability Research primary requirements/responsibilities:  

• Conduct security reviews to identify and mitigate risk in Microsoft Edge. Activities include design review, code reviews, fuzzing, and penetration testing. 
• Respond to security incidents and reports from external researchers. 
• Use a variety of tools and techniques to identify and drive fixes to security vulnerabilities. 
• Collaborate with other security teams across Microsoft to design and develop new security mitigations and defences. 
• Work closely with our partners in the Chromium community to improve browser security. 

Security Operations primary requirements/responsibilities: 

• Build and maintain our fuzzing infrastructure across thousands of cores on Azure across three platforms and two architectures. 
• Develop new tools and techniques to discover new security bugs at scale. 
• Write fuzzers to automatically test Edge’s code base and find new issues.