Microsoft Senior Security Engineer 

United States, Washington 

42588518

Required/Minimum Qualifications

• ​​5+ years experience in identifying security vulnerabilities, software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection.

Other Requirements

• Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check:
  • This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Preferred/Additional Qualifications

• 6+ years experience in identifying security vulnerabilities, software development
  lifecycle, large-scale computing, modeling, cyber security, and anomaly detection
  • OR Master's Degree in Cybersecurity, Computer Science or related field.
• Candidate should posses integrity, ingenuity, results-orientation, self-motivation, and resourcefulness in a fast-paced competitive environment.
• Ability to work collaboratively, solve problems with groups, find win/win solutions and celebrate successes.
• Fundamental understanding of security knowledge around native applications, web applications, distributed and database systems.
• Understanding of security issues for large scale cloud services and network infrastructures
• Possess a vast understanding of security vulnerabilities and attacks (Hardware, Firmware, Software, Network, and People), and the ability to understand new ones based on new technology being developed.
• Proficiency in Programming languages (C/C++, dotnet, JavaScript, Python, SQL, others) with expertise in troubleshooting and debugging skills.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:Microsoft will accept applications for the role until June 19, 2024.

​​
Security Assurance

• Understand current security trends and vulnerabilities.
• Participate in security design reviews and threat model reviews prior to the release of new products or features, communicating clearly the different security options and tradeoffs.
• Deliver broadly available security trainings based on learnings from previous exercises or incidents.

Penetration testing

• Ramp up and understand new designs, systems, and technology as they are built.
• Participate in comprehensive assessments of features and large-scale applications and environments. This includes mapping out the surface area and assessing prioritization based on time, resource, and general importance tradeoffs.
• Find vulnerabilities in various spaces such as web applications, native applications, database systems, authentication flows, distributed systems and designs, and protocols. Pulling from a flexible knowledgebase of topics such as Open Web Application Security Project , memory corruption, privilege escalation, networking, and etc to find both common and uncommon issues.

Red teaming

• Participate in targeted campaigns (planning, scoping, approval, reconnaissance & discovery, execution of attacks, pivoting, persistence, and remediation) against both pre-production and production environments.
• Navigate through an ecosystem of multiple domains, technologies, protocols, and stakeholders.​

Embody our