Microsoft Senior Security Technical Program Manager 

United States, Washington 

77114971

Security is foundational to all product and service offerings from Microsoft. We need an experienced security professional with a deep-rooted passionsecurity issues before theymillions of users.

and variant hunting across services with globally distributed engineering teams.

a Senior Security Technical Program Manager, who will help shape the offensive security program to consistently apply offensive tactics and remediation measures that improve both our security engagements as well as tooling.This position offersan unparalleledexperience in.

experience with online services and penetration testing (including code audits, SAST/DAST, and critical thinking) and have a solid grasp of service security fundamentals, proficient computer science skills, and committed security program management skills.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees, we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

Required Qualifications

• Bachelor's Degree AND 4+ years experience in engineering, product/technical program management, data analysis, or product development
  • OR equivalent experience.
• 2+ years experience managing cross-functional and/or cross-team projects.
• 4+ years of experience with Security threat modeling.
• 4+ years of experience conducting security assessments on Web Applications, Mobile Applications, and Cloud Services running on variety of operating systems including containers.

Preferred Qualifications

• 2+ years of experience driving penetration testing or Red Team engagement
• 1+ year(s) experience reading and/or writing code (e.g., sample documentation, product demos).
• Experience in cybersecurity assurance and programmanagement,preferably including online service development.
• Knowledge of and the ability to carry out the process of planning, organizing, and managing tasks and resources to accomplish a well-defined objective.
• Experience with defining and tracking OKRs and KPIs to measure program performance.
• Proficient communication and collaboration skills, with the ability to effectively interact with stakeholders at all levels of the organization.
• Experience with application security standards such as OWASP ASVS/Top 10, CWE 25.
• Experience with common security libraries, security controls, and common security flaws.
• Outstanding collaboration and partnership skills, with proven ability to drive results across teams.
• Coding skills in one or more general purpose scripting languages.
• Familiarity with web proxies such as Burp, OWASP ZAP or Fiddler.
• Familiarity with using Offensive Security distributions such as Kali,BlackArchandBackBox.
• Development or scripting experience.PowerShell, Bash,Rust, Go,GraphQL, REST.
• Demonstrated experience in successfully designing, delivering, and iterating on complex projects with a diverse set of stakeholders.

Technical Program Management IC4 - The typical base pay range for this role across the U.S. is USD $117,200 - $229,200 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:Microsoft will accept applications for the role until September 13, 2024.

Penetration Testing

• Identify and help remediate vulnerabilities in Microsoft AI products utilizing code reviews, offensive security assessments, design reviews and driving penetration testing engagements.
• Utilize comprehensive and up-to-date knowledge of security to design innovative protections.
• Work closely with product teams to enhance security measures and clearly communicate the business benefits of security testing.
• Help definea clear visionand roadmap for the team’s responsibilities and scope,identifyingopportunities for innovative tactics and scalable variant hunts.
• Partner with teams outside Microsoft AI toleverageand contribute to product security practices as well as Secure SDLC.
• Help defineobjectivesand key results (OKRs) to track progress against goals, iterating andoptimizingas necessary.
• Embody our and