Security Software Engineer 2

Microsoft

Location: Redmond, Washington

Job Type: Full time

Posted

The most difficult thing is the decision to act, the rest is merely tenacity.
- Amelia Earhart

Do you want to find and exploit security vulnerabilities that impact hundreds of millions of users? Join the Microsoft Security Response Center (MSRC) Penetration Testing team where you'll emulate real-world attacks against Microsoft 365 services. We help ensure our services are ready to face and respond to even the most determined adversaries by exploring new ways to find and prevent security flaws. You will work alongside teammates experienced in identifying and exploiting vulnerabilities in all layers of the services including application, cloud, network, and operational security domains. You'll also have the opportunity to work across Microsoft with developers and security personnel across multiple teams. Your work will help protect some of the largest and most complex services in the world, including Exchange Online, SharePoint Online, Microsoft Defender, and Microsoft Teams.

Responsibilities

  • Discover and exploit vulnerabilities end-to-end in order to assess the security of services
  • Execute Red Team operations using real world adversarial tactics and techniques to validate a production service's ability to detect, investigate, and respond
  • Advocate for security change across the company through building partnerships and clearly communicating impact of risks
  • Develop tools and techniques to scale and accelerate offensive emulation and vulnerability discovery
  • Collaborate with Blue Teams to improve readiness and produce solutions for defenders and customers
  • Research new and emerging threats to inform the organization, improve red teaming efficacy and accuracy, and stay relevant.
  • Assist other team members and pen testers at Microsoft in offensive techniques and approaches
  • Work together with other Offensive Security personnel at Microsoft to leverage the latest trends, and identify good opportunities for attack
  • Advocate for new work items and testing approaches to continuously improve offensive activities
  • Maintain and assure quality of supported tools and services from pen test
  • Any other reasonable activity required by management

Qualifications

  • Bachelor’s degree in Computer Science or a related field, equivalent alternative education, and/or practical experience in commercial software development
  • 2+ years experience in Software Development, Software Engineer in Test (SET/SDET), or related Security discipline.
  • Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Secure Screen: This position will be required to pass the Microsoft Cloud background check and credit history analysis upon hire/transfer and every year thereafter

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

You’ve got this!