Are you passionate about Cybersecurity and raising the security bar? Do you enjoy working across the company on unique solutions for Azure, Edge Devices, XBOX, Windows, and our Surface business? Does working with Security Analysts, Developers, and Program Management across a variety of areas excite you? If so, the Edge, Devices, and Gaming (EDG) Security team would like to talk to you.

We are the EDG Security team. Our cybersecurity team help secure the Azure, Edge devices, Windows, XBOX, and Surface businesses. In addition, we work with other Security teams within the company to ensure that we have the right tools and services to protect these key businesses. We are looking for a Principal Program Manager to help us drive this charter and help protect Microsoft products and services by partnering and engaging with engineering teams to improve our security posture. As a Principal Security Program Manager, you’ll be responsible for defining the E2E security architecture and EDG Security’s strategy, in addition to driving security metrics to track progress and future goals. You’ll work to influence and partner with engineering and product teams to build security into the DNA of our products and services.

The successful candidate will have passion for security, have strong technical and program management skills, and excellent cross-group collaboration skills, coupled with the ability to schedule and prioritize work against multiple deadlines and direct the teams to success. Strong communication skills and the ability to thrive in an ambiguous and dynamic environment are a must. Candidate should represent the growth mindset and display Microsoft cultural values in day-to-day activities.

Responsibilities

The Principal Security Program Manager will drive security strategy, customer promises, competitive approach, and execution for key initiatives. You will work with a world-class team of security engineers, penetration testers, and product owners to ensure critical new products and services are secured from the ground up with secure architecture, code, and right infrastructure controls baked in.

You will use your strong security background, customer empathy, market data and collaboration skills to drive appropriate tradeoffs and ensure that our products, services, and associated supply chain is secured to retain and enhance the customer trust. The ideal candidate will have a good mix of technical security acumen, product, and program management experience, and be data driven. You should be passionate about security and be able to collaborate cross-functionally to understand different points of view, and to influence and drive to the right solutions.

• Own the security architecture, strategy, execution, and communication of critical programs
• Provide technical security expertise on architecture, attacker trends, mitigations, secure design, and infrastructure security and help ensure across the team that we’re moving in a consistent direction
• Continue to push the right security metrics/KPIs to improve our security position/baseline
• Build, evangelize and operationalize resource investment strategy, cost, and attribution across EDG

Additionally, a Principal Program manager in EDGS:

• Has a passion for growing people and leads by example through the model, coach, care philosophy, irrespective of direct reporting structure
• Builds upon a strong team ethos and embodies our company values, cultivating a culture reflective of those values around diversity, inclusion, and customer obsession
• Has business and technical acumen; Engages and influences C-level leaders on strategic areas and discussions
• Is customer and partner obsessed
• Collaborates across organizational boundaries, to drive right business outcomes

Qualifications

Required:

• 8+ years of experience in software engineering, of which 4+ of those years have been focused on application security, cyber security, product security, or similar.
• Excellent cross-group and interpersonal skills, with the ability to articulate the business need for security improvements.

Preferred:

• Knowledge of common vulnerability classes and exploitation techniques.
• Knowledge of Windows internals and/or Linux internals, network protocols, and file formats.
• Familiarity with cloud infrastructure and services.

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to, the following specialized security screenings:

• Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

#EDGS