
Microsoft Senior Application Security Specialist 
United States 
981753443

10.09.2024

The Trust & Integrity Protection (Application Security Specialist, assess, and remediate security risk for applications across our vast tools and technology ecosystem. Our Assurance team executes programs that assess applications and infrastructure for privacy, security, governance, risk, and compliance.  Our larger organization provides guidance and oversight across the Microsoft Customer & Partner Solutions (MCAPS) division.

In this role, you will provide technical depth and to a team of security professionals performing application and infrastructure security assessments across the business. You will support and help guide the team as they work with application developers to ensure that their applications meet our rigorous requirements for security, privacy, accessibility, and resilience. You will work with the team to define the state of the practice in application development security. You will also define and manage key measures for security across a diverse organization. Key to this role is your technical aptitude for application security, overall technical depth, security risk management, and operational ability to manage multiple heterogenous projects simultaneously. Also critical are proficient program management skills, the ability to influence without authority, to work in a quickly changing area, and be able to your work to partners and leadership.

Our team values capable and active cross-team communication and collaboration, and proactive sharing of learnings and best practices to help make our whole team better. At the same time, to be successful in this role you need to be a self-motivated driver who can succeed with limited direction.  You will work with a team of collaborative security professionals who will value you as an individual and support your professional development.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Qualifications

Required/Minimum Qualifications:

  • Bachelor's Degree AND 4+ years experience in engineering, product/technical program management, data analysis, or product development
      o OR equivalent experience.
  • years experience managing cross-functional and/or cross-team projects.
  • years experience in application security or software development lifecycle practices.

or Preferred Qualifications:

  • Ability to coordinate complex process reviews, interpret the results and articulate the findings in a clear and concise manner.
  • such as Certified Information Systems Security Professional (CISSP) or Certified Ethical Hacker (CEH), or other discipline specific certifications.
  • Basic to moderate understanding of reading and/or writing code (e.g. sample documentation, product demos).
  • Effective written and oral communication skills, with the ability to tailor communications based on audience.
  • Self-motivated with ability to work with little supervision.
  • Ability to analyze complex problems, think creatively, communicate recommendations, influence change and drive process and structure into a dynamic environment.
  • Understanding of a broad range of technologies including cloud computing, networking, cloud application design and development tools/processes, and common cloud-based application architectures.

Technical Program Management IC4 - The typical base pay range for this role across the U.S. is USD $117,200 - $229,200 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $153,600 - $250,200 per year. Certain roles may be eligible for benefits and other compensation. Find benefits and pay information here:

Microsoft will accept applications for the role until September 11, 2024.


Responsibilities
  • Vulnerability Identification and Mitigation: Regularly assess security, identify vulnerabilities, and work with development teams to remediate them. This involves activities like code review, dynamic testing, and threat modelling.
  • Threat Modeling: Analyze software systems to identify potential threats and vulnerabilities. Create threat models that outline potential attack vectors and help prioritize security efforts.
  • Secure Code Review: Review code written by developers to identify security flaws, adherence to coding standards, and best practices. Ensure that security is integrated into the development lifecycle.
  • Security Testing: Perform various security tests, including static analysis (SAST), dynamic analysis (DAST), and interactive analysis (IAST), to identify and uncover vulnerabilities in applications.
  • Security Training: Conduct security training sessions for developers, QA engineers, and other stakeholders.
  • Incident Response: In the event of a security incident or breach, application security engineers play a critical role in investigating, containing, and mitigating the impact. They collaborate with incident response teams.
  • technical guidance for Application onboarding activities and support application developers in navigating the review process.
  • Design and develop roadmaps and priorities for the Assurance program as it applies to tools and services built in MCAPS.
  • Lead and identify cross-organizational teams to create and maintain tool security guidance.
  • Build and nurture positive working relationships with stakeholders and leadership, and be engaged as a trusted advisor within MCAPS.
  • Work closely with various engineering organizations and tool owners to support their programmatic initiatives to shift left the Assurance function in the development cycle.
  • Design and implement process improvements to the Application Risk Assessment program.
  • with the tools and technology review and assessment processes to identify data protection and compliance-related gaps.
  • our