- Job number1461535
Microsoft Azure is at the center of Microsoft’s cloud services strategy. Azure brings together virtualization, compute, storage, authentication, authorization, media and more to enable anyone to bring their business in the cloud. The Azure Security Engineering organization focuses on ensuring a secure Azure platform for developers and a secure experience for millions of users worldwide.
We are looking for a reliable and diligent engineer with excellent judgment and a strong track record in security and software engineering, who can bring his or her experience to bear on improving the state of the art. You will play a key role in advancing security by working with other Security Engineers, Program Managers, and Developers throughout the Azure organization to instill an ‘Assume Breach’ security mindset and culture.
Key Responsibilities include but not limited to:
- Analyzes complex issues using multiple data sources to identify security problems.
- Provides insights on security designs (e.g., design reviews, threat models).
- Understands overall feature architecture and aligns security analysis to it.
- Understands scope of problems and how they can affect down-level platforms.
- Identifies fewer common types of security issues, defects, or threats, in a product.
- Identifies and remedies security issues by collaborating with one or more feature teams.
- Evaluates products against security baselines (e.g., gap analysis) by comparing features in a product and initial features of the baseline.
- Identifies, prioritizes, and targets complex security issues that cause negative impact to customers.
- Creates and drives adoption of relevant mitigations.
- Suggests and drives appropriate response and remediation for issues.
- Develops guidelines and best practices to enable teams to avoid common patterns of issues.
- Uses subject matter expertise to identify potential security issues, tools, mitigations, and processes (e.g., architecture, failure modes, attack chain, threat modeling, vulnerabilities).
- Stays current in knowledge and expertise as security landscape evolves.
- Makes expertise available to others through sharing, coaching, conferences, and other means.
- Helps to make connections and assist in developing agreements between groups to clarify priorities and identify dependencies.
- Develops feedback channels and translates feedback into better security practices. Escalates issues as needed.
- Leads large-scale security reviews.
- Leads work on architectural and design security reviews for feature areas.
- Evaluates security risks and their impact to the affected services and works with Development Operation leads, engineering leads and researchers to mitigate risks.
- Monitors and responds to security events, potential vulnerabilities, exposures, and policy compliance issues.
- Takes product schedules, dependencies and risk assessments into consideration in performing security design and analysis.
- Creates a schedule for analysis of large feature areas that account for dependencies and meets milestones.
- Creates schedule for a security analysis that involves several stakeholders and that optimizes their time and effort.
- Conducts security research of Microsoft and competitor products.
- Researches, analyzes, and summarizes security threats and shares with Security Assurance and security tooling teams as enhancements to security compliance program.
To thrive in this position, you will need a deep technical understanding of multiple classes of security defects, along with a strong development skill and an understanding of popular languages and platforms and the ability to learn new information at a rapid pace. A strong track record in penetration testing, security consulting and general hacking are critical but the willingness and drive to improve the state of the art overall is even more important.
- Bachelor/Master of in Engineering, Computer Science, Mathematics, or equivalent experience or education.
- 7+ years of technical skills with C, C++, C# and scripting languages (Python/PowerShell/JS) and relational databases.
- 3+ years of computer security industry experience utilizing reverse engineering and knowledge of security/threat landscape.
- Strong knowledge of Windows operating system internals and modern security problems.
- Experience in technical disciplines outside the security space, including general software development, networking, database management, big data and full-stack development is a strong plus.
- Reverse Engineering skills: familiar with debuggers, disassemblers, network protocols, file formats, sandboxes, hardware/firmware internals, software communication mechanisms.
- Excellent cross group and interpersonal skills, with the ability to articulate the business need for security or detection improvements.
Interested candidates Click on below link Apply Online and you will be redirected to Career Page of Company or Career url.