Microsoft Security aspires to make the world a safer place for all by reshaping security and empowering users, customers, and developers with a security cloud. Azure DevSec ensures Azure is the most secure platform in the world and delivers a secure experience for millions of users worldwide. The DevSec team is looking for a Senior Security Software Engineer to work on proactive security assessments and mitigation of vulnerabilities in Azure services.
Requirements
- 5+ years experience identifying security vulnerabilities, software development lifecycle, large-scale computing, threat modeling and security architecture
- 3+ years experience regarding multiple classes of vulnerabilities, including cross-site scripting, buffer overflows, SQL injection, TOCTOU (Time of Check Time Of Use) vulnerabilities, cryptographic weaknesses, insecure direct object references, and others, and the ability to communicate about them to technical and non-technical audiences.
- 3+ years experience reviewing code across common programming languages (C, Rust, Python, Java, Go, C++) to identify vulnerabilities and provide mitigations
- 3+ years experience writing code across common programming languages (C, Rust, Python, Java, Go, C++) building automation to mitigate vulnerabilities
- 6+ years experience in identifying security vulnerabilities, software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection
Responsibilities
- Take a lead role in driving security reviews involving a combination of architecture reviews, threat modeling and penetration testing
- Effective collaboration with cross-functional teams to identify and help mitigate vulnerabilities in Azure core services.
- Act as a subject matter expert to provide consultation for security incidents as required and mentor other members of the team.
- Exercise technical curiosity and partner across security disciplines to help address security issues, patterns, and trends.
- Contribute to new and existing security tooling and automation to scale vulnerability discovery and mitigate classes of attacks.
Other
- Ability to meet Microsoft, customer and/or government security screening requirements are required for this role.
- This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
- Leadership, empathy, interpersonal and communication skills
