Security Engineer II
Location: Redmond, Washington
Job Type: Full time
Microsoft Azure is at the center of Microsoft’s cloud services strategy and the future of Microsoft. Azure brings together virtualization, compute, storage, authentication, authorization, artificial intelligence and machine learning, media and more to enable anyone to bring their business into the cloud. The Azure Development Security Engineering organization focuses on ensuring that Azure is the most secure platform in the world and delivers a secure experience for millions of users worldwide.
We are seeking a diligent, insightful, and creative Security Engineer to help discover, diagnose, analyze, quantify, characterize, and help drive solutions for the most challenging security problems in Azure through a data-driven, product-driven lens. In this role, you will advance security by working with other Security Engineers, Program and Product Managers, and Developers, as well as business leaders throughout Microsoft to turn individual findings and vulnerabilities into patterns and insights that can be measured and managed through engineering, automation, and other appropriate mitigations. You will help identify the most demanding security problems through original research and data analysis and help design and deliver practical solutions at scale for select products and services. This role is not confined to any area of technology; rather, you will work up and down the stack, across platforms, operating systems, languages, and frameworks, using your broad security skills to solve problems in unfamiliar domains.
Key responsibilities include:
- Vulnerability discovery and variant hunting. In partnership with others, using the best available and most appropriate methodologies, including threat modeling, penetration testing, security design analysis, fuzzing, SAST and DAST, etc., you will examine chosen target systems in detail, looking for vulnerabilities and weaknesses, perform variant hunting looking for larger patterns, conduct qualitative and quantitative analysis over those patterns, and drive solutions upstream in a data-driven, shift-left fashion.
- Solution design and delivery: You will help design solutions for security problems, partner with service teams and other security stakeholders to ensure rapid adoption of solutions and mitigation of threats from beginning to end.
- Software development: You will develop proof-of-concept demonstrations, appropriate tooling, scanners, data management systems and other small tools to better assist in both the discovery and remediation of security issues.
- Follow through and closure. You will partner with engineers, product and program managers, and leaders around the company to ensure the successful completion of work to address your findings.
To thrive in this position, you will need a detailed technical understanding of a broad set of technologies and the ability to learn new information at a rapid pace. We do not expect that any individual knows all the technologies that are in scope for this role, rather we are looking for someone who can quickly translate their technical skills from one domain to another, find, assemble, and inspire the relevant technical experts from across the company, and communicate effectively about technical and business risks to engineering and executive leadership.
- Bachelors degree in Computer Science, Mathematics, Engineering or equivalent experience
- 3+ years experience in security and/or software engineering
- MS or PhD in Computer Science, Mathematics, Engineering, or related fields
- Knowledge of multiple classes of vulnerabilities, including cross-site scripting, buffer overflows, SQL injection, TOCTOU (Time of Check Time Of Use) vulnerabilities, cryptographic weaknesses, insecure direct object references, and others, and the ability to communicate about them to technical and non-technical audiences
- Strong collaboration, empathy, and interpersonal skills
- Strong written and verbal communication skills
Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.