Microsoft Azure is at the center of Microsoft’s cloud services strategy. Azure brings together virtualization, compute, storage, authentication, authorization, media and more to enable anyone to bring their business in the cloud. The Azure Security Engineering organization focuses on ensuring a secure Azure platform for developers and a secure experience for millions of users worldwide.

The Azure Security Assurance team is seeking a Software Security Engineer with demonstrated experience in software development, and network, platform and application layer security. As part of the Security Assurance team, you will develop tools to help internal and external customers design and build secure systems. You will take knowledge developed by you and your peers from threat modeling, penetration testing, and vulnerability analysis and bring those insights to life through tooling.

We are looking for an engineer with the ability to work independently and collaboratively working on leading edge security challenges. You will play a key role in advancing security by working with other Security Engineers, Program Managers, and Developers throughout the Azure organization to instill an ‘Assume Breach’ security mindset and culture through the creation of design-time security tools.  You will also participate in the broader Microsoft and industry-wide security community to advance the state of the art.

Responsibilities

• Development of tools and techniques to help internal and external customers build secure systems from the ground up
• Penetration testing: examine chosen target systems in detail, looking for vulnerabilities and weaknesses, and, in collaboration with other penetration testing and red teams around the company, demonstrate the value of an “assume breach” mentality.
• Emerging Threat and Vulnerability Research: Be on the forefront of emerging threats which affect cloud services through collaboration, independent study, and original research, including proactive security research on the technologies that Azure and our customers utilize and depend on. A very high level of creativity and thirst for knowledge are a must.
• Security Assessments: Parlaying research and knowledge into threat models and security assessments of Azure services, platforms and infrastructure. You have a goal to prioritize areas of security risk while identifying and addressing risks that affect Azure’s ability to protect, detect, investigate, and recovery from security vulnerabilities and targeted attacks.
• Security Code Reviews: Prioritize Azure’s highest risk features and review source code for security defects. File bugs on security defects that help remove potentially exploitable bugs from code and improve the security of Azure services.

To thrive in this position, you will need to be a strong software developer with a deep technical understanding of a broad technology set and the ability to learn new information at a rapid pace. Previous experience in security consulting, penetration testing, and general hacking are important, but a desire to take on big challenges and help improve the overall service engineering process is equally vital.

Qualifications

These are REQUIRED qualifications. Candidates will be dispositioned out if they do not have these qualifications. These MUST be quantifiable.

Required Qualifications:  

• Bachelors of Science, Bachelors, BA, BA CS, Computer Science, Mathematics, Engineering degree or equivalent experience
• 10+ years of experience in software development and software engineering
• Deep knowledge of services, security and a strong engineering and development skillset.

Preferred Qualifications:

• Expert-level knowledge of one or more high-level programming languages, CI/CD pipelines, development and coding patterns, and software engineering techniques
• Expert-level knowledge in multiple classes of vulnerabilities, including cross-site scripting, buffer overflows, SQL injection, TOCTOU vulnerabilities, cryptographic weaknesses, insecure direct object references, and others

#AzureSecCSS

#AzureSecOpen

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter. 

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.