Microsoft Senior Security Technical Program Manager 
United States, Washington 
496785483

30.07.2024

In this role, you will provide technical depth and expertise to a team of security professionals performing application and infrastructure security assessments across the business. You will support and help guide the team as they work with application developers to ensure that their applications meet our rigorous requirements for security, privacy, accessibility, and resilience. You will work with the team to define the state of the practice in application development security. You will also define and manage key measures for security across a diverse organization. Key to this role is your technical aptitude for application security, overall technical depth, security risk management, capacity, and operational ability to manage multiple heterogeneous projects simultaneously. Also critical are proficient program management skills and the ability to influence without authority, to work in a quickly changing area, and to represent your work to partners and leadership.

Minimum Qualifications:

  • Bachelor's Degree AND 4+ years experience in engineering, product/technical program management, data analysis, or product development

    o OR equivalent experience.

  • 2+ years experience managing cross-functional and/or cross-team projects.

  • 4+ years of combined technology administration/management, technical risk management, technical risk consulting, and/or software development/engineering work experience.

Preferred Qualifications

  • Ability to coordinate complex process reviews, interpret the results and articulate the findings in a clear and concise manner.
  • Bachelor’s degree in Information Technology, Cybersecurity, or Business Management.
  • Certifications (not mandatory): Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or other discipline-specific certifications.
  • Coding Skills: A basic to moderate understanding of coding is beneficial.
  • Experience working on an application or service development team is helpful.
  • Effective written and oral communication skills, with the ability to tailor communications based on audience.
  • Self-motivated with ability to work with little supervision.
  • Ability to analyze complex problems, think creatively, communicate recommendations, influence change and drive process and structure into a dynamic environment.
  • Understanding of a broad range of technologies including cloud computing, networking, cloud application design and development tools/processes, and common cloud-based application architectures.
  • Understanding of data security concepts, such as Application Security Testing, Vulnerability Assessment, or Information Systems Audit.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:

Microsoft will accept applications for the role until August 1, 2024.


Responsibilities
  • Vulnerability Identification and Mitigation: Regularly assess security, identify vulnerabilities, and work with development teams to remediate them. This involves activities like code review, dynamic testing, and threat modeling.
  • Threat Modeling: Analyze software systems to identify potential threats and vulnerabilities. Create threat models that outline potential attack vectors and help prioritize security efforts.
  • Secure Code Review: Review code written by developers to identify security flaws, adherence to coding standards, and best practices. Ensure that security is integrated into the development lifecycle.
  • Security Testing: Perform various security tests, including static analysis (SAST), dynamic analysis (DAST), and interactive analysis (IAST), to identify and uncover vulnerabilities in applications.
  • Security Training: Conduct security training sessions for developers, QA engineers, and other stakeholders.
  • Incident Response: In the event of a security incident or breach, application security engineers play a critical role in investigating, containing, and mitigating the impact. They collaborate with incident response teams.
  • Provide technical guidance for Application onboarding activities and support application developers in navigating the review process.
  • Design and develop roadmaps and priorities for the Assurance program as it applies to tools and services built in MCAPS.
  • Lead and identify cross-organizational teams to create and maintain tool security guidance.
  • Build and nurture positive working relationships with stakeholders and leadership, and be engaged as a trusted advisor within MCAPS.
  • Work closely with various engineering organizations and tool owners to support their programmatic initiatives to shift left the Assurance function in the development cycle.
  • Design and implement process improvements to the Application Risk Assessment program.
  • Assist with the tools and technology review and assessment processes to identify data protection and compliance-related gaps.
  • Embody our