Microsoft Security Engineer II 

United States, Washington 

748788305

Required/Minimum Qualifications

• 3+ years experience in hands-on penetration testing and in identifying security vulnerabilities.
• 3+ years experience in cyber security.
• 1+ years of experience in working collaboratively, solving problems with groups, finding win/win solutions and celebrating successes.

Other Requirements

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check:

• This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Preferred/Additional Qualifications

• 1+ years of experience and understanding of security in Microsoft Azure or any of the major Cloud providers.

• 1+ years of experience in threat modeling, security reviews and security assurance.

• 1+ years experience coding in C/C++, dotnet, JavaScript, Python, SQL, or others, with expertise in troubleshooting and debugging skills.

• An understanding of security knowledge around native applications, web applications, distributed and database systems.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:Microsoft will accept applications for the role until June 26, 2024.

As a Security Engineer II you will:

Security Assurance

• Understand current security trends and vulnerabilities.
• Participate in security design reviews and threat model reviews prior to the release of new products or features, communicating clearly the different security options and tradeoffs.
• Deliver broadly available security trainings based on learnings from previous exercises or incidents.
  

Penetration Testing

• Ramp up and understand new designs, systems, and technology as they are built.
• Participate in comprehensive assessments of features and large-scale applications and environments. This includes mapping out the surface area and assessing prioritization based on time, resource, and general importance tradeoffs.
• Find vulnerabilities in various spaces such as web applications, native applications, database systems, authentication flows, distributed systems and designs, and protocols. Pulling from a flexible knowledgebase of topics such as OWASP, memory corruption, privilege escalation, networking, and etc. to find both common and uncommon issues.

Embody our and