​​Senior Security Engineer​

Overview

Microsoft is a company where passionate innovators come to collaborate, envision what can be and take their careers further.

This is a world of more possibilities, more innovation, more openness, and the sky is the limit thinking in a cloud-enabled world.

Microsoft’s Azure Data engineering team is leading the transformation of analytics in the world of data with products like databases, data integration, big data analytics, messaging & real-time analytics, and business intelligence.

The products our portfolio include Microsoft Fabric, Azure SQL DB, Azure Cosmos DB, Azure PostgreSQL, Azure Data Factory, Azure Synapse Analytics, Azure Service Bus, Azure Event Grid, and Power BI.

Our mission is to build the data platform for the age of AI, powering a new class of data-first applications and driving a data culture.

Within Azure Data, the databases team builds and maintains Microsoft's operational Database systems. We store and manage data in a structured way to enable multitude of applications across various industries.

We are on a journey to enable developer friendly, mission-critical, AI enabled operational Databases across relational, non-relational and Open Source Software offerings.

Microsoft’s Azure Data databases Red team is hiring a Senior Security Engineer . Our team utilizes a variety of offensive security techniques to continuously evaluate and enhance the security posture of the organization and its offerings.

We are dedicated to maintaining customer trust by staying one step ahead of the external attacker. We participate in both pre-release and post-release activities, conducting security reviews, penetration tests, and other ethical hacking exercises.

Our team is highly collaborative. We partner with a corresponding blue team to improve monitoring and detection in the classic attack / defend paradigm.

We partner with the databases’ product teams to drive security improvements in their products and processes. We even partner outside of our organization with other red teams across the company to identify systemic risks and share knowledge of attacks and techniques.

As a Senior Security Engineer, you will be at the forefront of such engagements and collaborations.

We do not just value differences or different perspectives. We seek them out and invite them in so we can tap into the collective power of everyone in the company.

As a result, our customers are better served.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals.

Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Qualifications

Required / Minimum Qualifications

5+ years experience in identifying security vulnerabilities, software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection.

Other Requirements

Ability to meet Microsoft, customer and / or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings : Microsoft Cloud Background Check : This position will be required to pass the Microsoft Cloud background check upon hire / transfer and every two years thereafter.

Preferred / Additional Qualifications

6+ years experience in identifying security vulnerabilities, software development

lifecycle, large-scale computing, modeling, cyber security, and anomaly detectionOR Master's Degree in Cybersecurity, Computer Science or related field.

• Candidate should posses integrity, ingenuity, results-orientation, self-motivation, and resourcefulness in a fast-paced competitive environment.
• Ability to work collaboratively, solve problems with groups, find win / win solutions and celebrate successes.
• Fundamental understanding of security knowledge around native applications, web applications, distributed and database systems.
• Understanding of security issues for large scale cloud services and network infrastructures
• Possess a vast understanding of security vulnerabilities and attacks (Hardware, Firmware, Software, Network, and People), and the ability to understand new ones based on new technology being developed.
• Proficiency in Programming languages (C / C++, dotnet, JavaScript, Python, SQL, others) with expertise in troubleshooting and debugging skills.

Penetration Testing IC4 - The typical base pay range for this role across the U.S. is USD $112,000 - $218,400 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $145,800 - $238,600 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here :

Microsoft will accept applications for the role until July 15, 2024.

azdat

azuredata

azdat #azuredata #cloud #databases #appsec #pentest #redteam #offsec

Responsibilities

Security Assurance

• Understand current security trends and vulnerabilities.
• Participate in security design reviews and threat model reviews prior to the release of new products or features, communicating clearly the different security options and tradeoffs.
• Deliver broadly available security trainings based on learnings from previous exercises or incidents.

Penetration testing

• Ramp up and understand new designs, systems, and technology as they are built.
• Participate in comprehensive assessments of features and large-scale applications and environments. This includes mapping out the surface area and assessing prioritization based on time, resource, and general importance tradeoffs.
• Find vulnerabilities in various spaces such as web applications, native applications, database systems, authentication flows, distributed systems and designs, and protocols.

Pulling from a flexible knowledgebase of topics such as Open Web Application Security Project , memory corruption, privilege escalation, networking, and etc to find both common and uncommon issues.

Red teaming

• Participate in targeted campaigns (planning, scoping, approval, reconnaissance & discovery, execution of attacks, pivoting, persistence, and remediation) against both pre-production and production environments.
• Navigate through an ecosystem of multiple domains, technologies, protocols, and stakeholders.

Embody our and

Benefits / perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

Industry leading healthcareEducational resourcesDiscounts on products and servicesSavings and investmentsMaternity and paternity leaveGenerous time awayGiving programsOpportunities to network and connect