Microsoft Principal Penetration Testing Manager 

United States, Washington 

895326466

Required Qualifications

• Master's Degree in Statistics, Mathematics, Computer Science or related field OR 7+ years of experience in identifying security vulnerabilities, software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, .
• 3+ years people management experience.
• 5+ years of performing Penetration tests engagements.
• 2+ years of experience testing web services, identifying and remediating OWASP top 10 security flaws, and understanding large complex systems quickly.

Other Requirements

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to, the following specialized security screenings:

: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter

Preferred Qualifications:

• Demonstrated experience in Networking/Identity Isolation, Active Directory, and Linux skills.
• Proficient operational security skills
• Demonstrated teamwork and cross-group collaboration skills.
• Ability to deal with ambiguity
• BS or MS in Computer Science, a related field, or equivalent experience
• Experience performing offensive security engagements (Experience leading offensive engagements is highly desired)
• Demonstrated coding skills in one or more popular languages and platforms such as: C#, C++, Ruby, Python, and others.
• Proficient experience in Windows and Linux.
• Operational Security skills
• Experience reverse engineering Native and Managed Code
• Experience testing web services, identifying and remediating OWASP top 10 security flaws, and understanding large, complex systems quickly
• OSCP/OSCE/GIAC certifications are desired

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:Microsoft will accept applications for the role until Aug 5, 2024.

People Management

• Managers deliver success through empowerment and accountability by modeling, coaching, and caring.
• Model - Live our culture; Embody our values; Practice our leadership principles.
• Coach - Define team objectives and outcomes; Enable success across boundaries; Help the team adapt and learn.
• Care - Attract and retain great people; Know each individual’s capabilities and aspirations; Invest in the growth of others.

Discovery of Problems/Identifying Vulnerabilities

• Provides strategic guidance to teams on priorities, tactics, evaluation strategies, and development of methodologies. Ensures teams are resourced to achieve results. Escalates recommendations and mitigations and advocates for follow through as needed. Helps to establish standards and rules of engagement across the company. Identifies and implements appropriate metrics for organization.

Solution Engineering

• Works across multiple teams, divisions, and functional areas to support technical implementation of solutions that increase the ability to harden against, detect, and mitigate issues (e.g., malware, reverse engineering). Ensures teams develop and maintain areas of expertise, expand into new areas of expertise, and share best practices across teams.
• Purple Team: Participate as an infrastructure/operation specialist in overt penetration testing engagements, where we emulate real-world adversaries such as Nation-State or Organized Crime. During Purple Team engagements, we collaborate with our business partners, v-team for the operation and defensive teams to comprehensively understand the target and provide guidance on improving their overall security posture through design changes and tactical mitigations, security controls, or detections.
• Between Red Team and Purple Team Engagements, the following activities may be executed:
  • Research, Training, and Innovation: Perform research to stay current with bleeding edge of application security, offensive and defensive tools, and tactics. Leverage the output of this research for training and awareness across EDG Security and innovation efforts.