Are you passionate about Security?
The Application Consulting & Engineering security team is rapidly growing and we are in search of excellent qualified candidates. If you have what it takes, why don't you email us?
Job Description - Security Technologist - Redmond WA
Are you passionate about security? Are you a veteran in the art of hunting down security issues and making sure they are properly addressed? Have you ever wanted the opportunity to shape the security posture of the world's largest software company by being responsible for not just one application, but for thousands throughout the enterprise?
If so, then the Application Consulting & Engineering (ACE) team wants to hear from you. We’re looking for a passionate and talented candidate to help us realize the vision of Trustworthy Computing by conducting security analysis of web and network based business applications.
As well as conducting security analysis using both black box and white box methodologies, you will contribute expertise gleaned from previous assessments to application threat models and design reviews, as well as provide security consulting to application development teams throughout Microsoft.
You’ll be responsible for providing guidance and recommendations for mitigating the vulnerabilities you identify. The successful candidate will be required to assess security flaws, determine mitigation strategies and drive fixes to resolution.
Your expertise will be counted on to help implement security policies, procedures and application architecture at Microsoft. You’ll also be responsible for mentoring and overseeing vendors that the ACE team may employ, helping ensure the quality of their work. Finally, you’ll provide key contributions in the design and implementation of the methodology, tools, techniques and code libraries used by the ACE team and its customers to secure the next generation of applications at Microsoft.
- Candidates must have a minimum of 3-5 years of experience developing software for the Microsoft platform using programming languages and development platforms including C/C++, C#, VB, VB.NET, and SQL
- Candidates should be thoroughly familiar with Microsoft’s development frameworks both past and present this includes: COM, COM+, DCOM, and .NET
- They should also have a minimum of 3 years of experience performing security assessments of computers, networks and/or applications
- Strong understanding of well-known attack types such as cross-site script, SQL injection, buffer overflows (both stack and heap based), format string bugs, etc is also required.
- Additionally, they must have comprehensive knowledge of secure protocols, authentication/authorization controls and cryptographic concepts.
The candidate must demonstrate an understanding of network architecture and appliances, including routers, firewalls, HSM devices, load balancers, et cetera. Strong communication skills including experience conducting presentations to senior management (GM to CIO level) is also a must.
A BA/BS in Computer Science or related field is preferred and certifications such as the CISSP are considered a strong plus. Lastly, a strong work ethic and the desire to assist the ACE team to achieve Microsoft’s long-term Trustworthy Computing goals.
Microsoft is an equal opportunity employer and supports workforce diversity.