Microsoft Principal Security Program Manager 
United States, Washington 
646958046

30.07.2024

Microsoft’s Services Pentest (SERPENT) team is looking for a Principal Security Program Manager to elevate the end-to-end service security fundamentals in the Azure Edge + Platform (AEP) and Windows & Devices (W+D) space. SERPENT is part of the Edge + Platform Security Fundamentals (EPSF) team in AEP, a globally distributed team responsible for platforms and services that enable consistent application development and management across the cloud and the edge. This team performs security design reviews, code reviews, and penetration testing on key features of AEP and W+D services to make sure they meet the highest possible security standards, and defines the security requirements and best practices that all of our services adhere to. SERPENT develops and applies these Fundamentals across the entire service development lifecycle (from Design and Develop to DevOps and Deployment) through deep, human-led engagements and broad automated detections and preventions leveraging industry, Microsoft, and unique EPSF domain expertise.

As a Principal Security Program Manager in SERPENT, you will directly shape our strategic approach to applying offensive, defensive and remediation tactics, both to improve our human-led service engagements and to transfer those learnings into the development policies and processes that improve Security Fundamentals for all our services.

Required Qualifications:

  • 7+ years experience in software development lifecycle, large scale computing, modeling, cyber security, anomaly detection
    • OR Bachelor's Degree in Computer Science, Risk Management, Cyber Security, or related field
    • OR equivalent experience.

Other Requirements

The ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:

  • Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Preferred Qualifications:

  • Substantial experience in cybersecurity assurance and program management, preferably including online service development.
  • Strategic thinking and problem-solving skills, with the ability to develop and execute research & development strategies that support product development objectives.
  • Experience with defining and tracking OKRs and KPIs to measure program performance.
  • Proficient communication and collaboration skills, with the ability to effectively interact with stakeholders at all levels of the organization.
  • Customer feedback and data driven.
  • Experience in the security domain and with leading fundamentals.
  • Demonstrated experience developing product roadmaps to deliver customer and business value across products and services.
  • Demonstrated experience in successfully designing, delivering, and iterating on complex projects with a diverse set of stakeholders.
  • Demonstrated coding skills in one or more popular languages and platforms such as: C#, Java, Python, and others.
  • CISSP, OSCP, GCIA, or SANS certifications

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:

Microsoft will accept applications for the role until August 7, 2024.


Responsibilities

As a Principal Security Program Manager, you are responsible for the following:

  • Develop and articulate a clear vision and roadmap for your team’s functions and scope, including establishing opportunities for innovation in tactics as well as automated detections and preventions at scale
  • Identify and mitigate risk in Microsoft products in close partnership with SERPENT engineers including design reviews, code reviews, and risk assessments
  • Be the security contact for teams building new innovative services and technologies in the next version of Azure Edge and Windows Devices.
  • Leverage a broad and current understanding of security to envision new protections
  • Interact with the external security community and security researchers
  • Collaborate with product teams to improve security, and articulate the business value of security investments
  • Partner with teams inside and outside EPSF toward building security and compliance early in the product development process and in developing born secure, born compliant products.
  • Define objectives and key results (OKRs) to measure product success and track progress against goals, iterating and optimizing as necessary
  • Embody our &