Offensive Security Engineer-Application Security


Location: Redmond, Washington

Job Type: Full time


Are you looking for a challenge that puts you at the center of the Microsoft Edge + Platform, Devices, and Gaming Security strategy? Are you passionate about solving the security challenges of critical online services? Are you passionate about Offensive Security?

Microsoft's EDG Security (Edge + Platform, Devices, and Gaming) is responsible for some of Microsoft's largest and most influential online services, including Xbox LIVE, Microsoft Game Studios, and more. The EDG Services Pentest (SERPENT) team needs an Offensive Security Engineer to increase our business partners' security posture.


EDG Security has a world-class penetration testing team that helps ensure a secure experience for millions of users worldwide. We primarily focus on offensive security and application security and work closely with our defense teams to continually improve our operational awareness.

Job responsibilities

  • Component Penetration Testing: Use various techniques (fuzzing, source code review, reverse engineering, etc.) to find vulnerabilities in critical components that EDG services rely on and parlay research into actual exploits. Validate software quality following our development standards.
  • Application Security Automation: Participate in developing static and runtime analysis capabilities to find software security bugs in code quickly and with high confidence. Push the cutting edge when it comes to automated analysis of managed code and modern web services.
  • Research, Training, and Tool Development: Perform research to stay current with the bleeding edge of application security and of offensive and defensive tools and tactics. Leverage the output of this research for training and awareness across EDG Security and innovation development efforts.


Required Qualifications:

  • 3+ years of coding skills including C#, ASP.NET, and JavaScript; experience testing web services and identifying/remediating OWASP Top 10 security flaws; and an understanding of large complex systems.
  • Bachelor's or Master's in Computer Science or related field, or equivalent experience.

Preferred Qualifications:

  • CISSP, OSCP, GCIA, or SANS certifications are a plus.
  • Demonstrated coding skills in one or more popular languages and platforms such as: C#, C++, Python, and others.
  • Experience in penetration testing and/or static code analysis.
  • Strong background in customizing static, dynamic, and runtime analysis tools.
  • Experience in technical disciplines outside the security space, including general software development, networking, database management, and full-stack development, is a strong plus.
  • Solid teamwork and cross-group collaboration skills.
  • Solid verbal and written communication skills.
  • Ability to deal with ambiguity.

Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:

Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.


