Microsoft Security Researcher II 

Taiwan, Taoyuan City 

852897907

This role is targeted towards open-source security (OSS) vulnerability response and research. where you will be focused on vulnerability response for open-source software and services used, and produced by Microsoft. You will assess the impact of these vulnerabilities identified and issue advice for the remediation of affected products. You will have the chance to conduct novel vulnerability research in open-source software that Microsoft relies on and develop mitigation strategies for enhancing our products' security posture. You will collaborate with other security researchers, developers, and community members to responsibly address security issues in open-source projects.

Required/Minimum Qualifications

• years experiencein software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection

• Bachelor's Degreein Statistics, Mathematics, ComputerScienceor related field

2+ years of
C/C++experience

Additional or Preferred Qualifications

• years experiencein software development lifecycle, large-scale computing, modeling, cyber-security, and/or anomaly detection

• Master's Degreein Statistics, Mathematics, ComputerScienceor related field

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:

Responsibilities

onducting Research

• Identifies

• adhoc or as needed basis.

• Performs analysis using multiple data sources to generate insights. Considers common and potential threat scenarios and dependencies in analyses. Attends to and understands connections between identified issues and up- and-down streamprocesses. Helps to drive resolution to systemic security issues. Aids in the creation ofnew solutionsto mitigate security issues. Makes tradeoffs to balance security and operational needs.

• Prioritizes andvalidatestechnical indicators. Aggregatesthreatdata into categories and themes that align to intelligence requirements or customer requests.Takes into consideration relative risk factors, history of published vulnerabilities and existing security knowledge into their analysis.Develops tools toassistin automating the analysis of acomponentor feature area.

• Cleans, structures, and standardizes data and data sources. Supports data quality efforts to ensuretimelyand consistent access to data sources.Curatessources of data and partners to develop and sustain data access. Understands how to find new data sources.

• Identifiesand addresses underlying causes of security shortcomings. Develops security guidance and models to address shortcomings and to build best practices. Suggests and drivesappropriate guidance, models, response, and remediation for issues.

• Drives end-to-endsolutionfor technical implementation and automation related to specific kinds or classes of security issues (e.g., signature detection, malware, threat analysis, reverse engineering). Develops higher level awareness of other kinds of security issues outside areas of expertise. Works across disciplines to solve specific issues. Uses results from research and experimentation to guide architecture or product direction.

• Identifiesand responds to customer and partner security issuesin a timely manner.Spotstrends and potential security issues. Advocates for customers and partners.Provides assistance tocustomers and partners.Leveragespartner and customer feedback to improveassistance. Escalates issues as needed. Develops guidance and education that result from resolution of security issues.

• Identifiesareas of dependency and overlap with other teams or team members. Provides constructive input so the work is integrated andtimely. Communicates status with others to allow fortimelyresolution and coordination. Helps teamsidentifyrisks,dependenciesand other blocking issues.Enables others to take action to resolve issues.

• Protects tools, techniques, information, and results of security practices. Assesses efficacy of operational security (e.g., red-on-red pen testing). Begins to master techniques.

• maintainingthe quality of products and services. Takes notes during incidents andparticipatesin postmortem and root-cause analysis processes.

• Creates analysis report. Follows up on the findings and recommendations, escalating blocking issues as needed.Identifiespotential security vulnerabilities by reviewing documentation and specifications. Develops facts and libraries of guidance.

Industry Leadership

• Exhibits subject matterexpertisein class or set of security issues, tools, mitigations, and processes (e.g., architecture, failure modes, attack chain, threat modeling, vulnerabilities). Provides guidance to others in areas of expertise.Maintains current knowledge by investing time and effort. Proactivelyseeksopportunities to learn. Demonstratesappropriate risktaking and ethical behavior.

• Learns and understands the current state of the industry, including knowledge of tools, techniques, strategies, and processes that can beutilizedto improve security. Maintains knowledge of current trends within the industry.

• Embody our