Microsoft Azure is at the center of Microsoft’s cloud services strategy. Azure brings together virtualization, compute, storage, authentication, authorization, media and more to enable anyone to bring their business in the cloud. The Azure Security Engineering organization focuses on ensuring a secure Azure platform for developers and a secure experience for millions of users worldwide.
We are looking for a reliable and diligent engineer with excellent judgment and a strong track record in security and software engineering, who can bring his or her experience to bear on improving the state of the art. You will play a key role in advancing security by working with other Security Engineers, Program Managers, and Developers throughout the Azure organization to instill an ‘Assume Breach’ security mindset and culture. You will provide technical security leadership, inside and outside of Microsoft and stay on top of current developments for the benefit of Microsoft products and services.
Key responsibilities include:
- Penetration testing – you will examine chosen target systems in detail, looking for vulnerabilities and weaknesses, and, in collaboration with other penetration testing and red teams around the company, demonstrate the value of an assume breach mentality.
- Emerging Threat and Vulnerability Research – You will identify and evaluate new areas for research, perform analysis into emerging threats, including proactive security research on the technologies that Azure and our customers utilize and depend on. A very high level of creativity, excellent communication skills, and an ability to work independently are critical.
- Security reviews – you will review the design of services from a security perspective to identity vulnerabilities and weaknesses in the architecture, make appropriate recommendations, and guide teams to implement those recommendations
- Tool Development – You will prototype and create tools to automate the discovery of vulnerabilities across Azure services
To thrive in this position, you will need a deep technical understanding of multiple classes of security defects, along with a strong development skills and an understanding of popular languages and platforms and the ability to learn new information at a rapid pace. A strong track record in penetration testing, security consulting and general hacking are critical but the willingness and drive to improve the state of the art overall is even more important.
these are required qualifications. candidates will be dispositioned out if they do not have these qualifications. these must be quantifiable.
- bachelor of science in computer science, mathematics, engineering or equivalent experience or education
- six or more years experience in a hands-on security role, with demonstrable software engineering skills and mastery of multiple classes of security defects or demonstrably equivalent expertise.
- experience in technical disciplines outside the security space, including general software development, networking, database management, big data and full-stack development is a strong plus
- masters of science in computer science, mathematics or engineering is a strong plus
- knowledge of microsoft azure or competing cloud services is a plus
ability to meet microsoft, customer and/or government security screening requirements are required for this role. these requirements include but are not limited to the following specialized security screenings: microsoft cloud background check: this position will be required to pass the microsoft cloud background check upon hire/transfer and every two years thereafter