Senior Security Engineer

Share job

Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.

The Azure AI Platform Security Team is seeking a Senior Security Engineer to help us safely usher in the next frontier in AI technology. If you have experience performing security assessments, penetration testing, threat modeling in cloud computing environments, and you are eager to secure the future of AI, we would love to speak with you!

In this role, you'll partner with product engineering teams to assess the security of their services and ensure that we live up to our security promises. You'll plan and manage your own security engagements, from enumerating the attack surface, setting up a test environment, evaluating the design and testing the implementation for security deficiencies, and providing your findings and recommendations for remediation. As you discover systemic issues and anti-patterns, you will be empowered to propose and drive solutions that raise the security bar across multiple services by eliminating entire vulnerability classes.

You should be comfortable reading and understanding code to analyze implementations for potential security vulnerabilities and inform your penetration testing. Familiarity with common web penetration testing tools such as Burp Suite or other intercepting proxies will be necessary. As you dive deep into a given service, you will examine all layers of the stack for the service, ranging from the web UI, the API, the cloud environment, cluster orchestration, and Linux-based nodes and containers. You'll have the opportunity to amplify your impact by suggesting product improvements that provide customers with a paved path to security by default.

Because this role focuses largely on the underlying platform, experienced security engineers who are new to the AI space are still encouraged to apply. We seek well-rounded individuals, and we leverage each other as appropriate to create a well-rounded team. While technical fundamentals are important, the ability to navigate both technical and organizational ambiguity, go deep in unfamiliar domains, independently develop subject-matter expertise, and build trust with partner teams will be required to succeed in this role.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

Required/Minimum Qualifications:

• 5+ years experience in cybersecurity or software development
• OR bachelor's degree in computer science, Cybersecurity, or related field
• OR equivalent experience.
• 5+ years experience performing security assessments and penetration testing
• 3+ years experience securing cloud computing environments
• 3+ years experience with one or more of C#, Python, Rust, or JavaScript, PowerShell

Other Requirements

• Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check:
• This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter

Security Assurance IC4 - The typical base pay range for this role across the U.S. is USD $117,200 - $229,200 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $153,600 - $250,200 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

Microsoft will accept applications for the role until March 14, 2025.

#MSFTSecurity #CISOOrg #AzureSecurity

• Use subject matter expertise to identify potential security issues, tools, mitigations, and processes (e.g., architecture, failure modes, attack chain, threat modeling, vulnerabilities).
• Analyze complex issues using multiple data sources to identify security problems.
• Create new solutions to mitigate security issues; Help to drive resolution for systemic security issues.
• Effectively communicate security defects to stakeholders at various levels.
• Work as an effective and inclusive team player, sharing and learning from others.
• Other
• • Embody our culture and value