Security Engineer II, Teams group
Microsoft
Microsoft Teams is the hub for teamwork used by millions of users to be more engaged and productive – every day. It is the primary collaboration app in many enterprises as well as a remote learning tool in many schools and universities.
Teams Security team focuses on keeping Microsoft Teams and its users safe and secure – across the full stack and all dimensions. We are seeking a talented and passionate Security Engineer II to join our team and help drive security and safety improvements within Microsoft Teams. If you live and breathe product security and safety, can navigate complex systems and data, crave learning new things, and would like your work to have positive impact on millions of users then this role is for you.
Responsibilities
-
Identifies and addresses underlying causes of security shortcomings. Develops security guidance to address shortcomings and to build best practices. Ensures identified vulnerabilities are resolved correctly. Leverages latest tools and technologies (e.g., artificial intelligence) to identify and mitigate security issues with minimal guidance.
Investigates, diagnoses, and triages security incidents with minimal guidance, deepening trust through proactive customer connection and crisis and incident response. Contributes to postmortem and root cause analyses for security incidents. Collaborates with others to create repair items, tools, and/or systems to support incident management. Begins to leverage Incident Management System(s) to update stakeholders during and after incidents as directed.
Leads security reviews, including architectural and design reviews, and documents findings in analysis reports. Applies best practices in security architecture, design, and development across feature areas. Identifies security risks and potential impact and collaborates with others to mitigate risks, escalating when needed. Helps monitor and respond to security events, potential vulnerabilities, exposures, and policy compliance issues, escalating as needed.
Contributes to efforts to ensure the correct processes are followed to achieve a high degree of security, privacy, safety, and accessibility. Checks for visible evidence (e.g., audit trail) to demonstrate compliance for product areas. Develops and holds an understanding of the implications of onboarding new technologies following expectations of compliance at Microsoft. Demonstrates and maintains an up-to-date understanding of both global and local regulations for technologies and system applications to ensure regulations are met.
Uses appropriate artificial intelligence (AI) tools and practices across the software development lifecycle (SDLC) in a disciplined manner. Takes responsibility for the content of their AI-generated changes to artifacts, reviewing all changes and applying appropriate tooling and processes with minimal guidance.
Exhibits subject matter expertise in class or set of security issues, tools, mitigations, and processes (e.g., architecture, failure modes, attack chain, threat modeling, vulnerabilities). Provides guidance to others in areas of expertise. Maintains current knowledge by investing time and effort. Proactively seeks opportunities to learn.
-
Qualifications
Required Qualifications:
- Master's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND 1+ year(s) experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection
- OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND 2+ years experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection
- OR equivalent experience.
- Master's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND 3+ years of experience in software development lifecycle, large scale computing, threat modeling, cyber security, anomaly or detection (enterprise experience)
- OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND 5+ years of experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection (enterprise experience)
- OR equivalent experience.
Software Engineering IC3 - The typical base pay range for this role across the U.S. is USD $100,600 - $199,000 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $131,400 - $215,400 per year.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:
https://careers.microsoft.com/us/en/us-corporate-pay
This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.