Security Software Engineer II
Be What's Next
Transform your career with Microsoft Services
Do you enjoy breaking things technically but are also capable of providing insight into fixing the issues identified? Is your passion understanding the security ramifications of software systems? What about the opportunity to work at the kind of scale most companies only dream of? Then this is an opportunity you may be interested in. Microsoft’s Windows and Devices Group (WDG) is responsible for some of Microsoft’s largest and most important online services including the Universal Store, Xbox LIVE, Microsoft Game Studios, and more.
To support such a diverse portfolio, WDG has a world class application security team. Our goal is to ensure a secure experience for millions of users all over the world. This team is primarily focused on application security but also work closely with our offensive and defensive security teams to continually improve our security posture and promote awareness.
The main responsibilities of this role include:
- Scope, plan and perform manual component reviews of our most risky services.
- The team uses various techniques such as: fuzzing, source code review and reverse engineering to find vulnerabilities in these critical components of WDG services or the services they rely on.
- Help identify and develop new static and runtime analysis capabilities and checks so that software security bugs in code can be found quickly and with high confidence. Push the cutting edge when it comes to automated analysis of managed code and modern web services.
- Perform Research, Training, and Tool Development to support the function.
- 3+ years of software development experience.
Successful candidates will have:
- BS or MS in Computer Science, a related field, or equivalent experience
- Experience testing web services, identifying and remediating OWASP top 10 security flaws, and understanding large complex systems quickly
- Experience of penetration testing and/or static code analysis
- Strong background in customizing static, dynamic and runtime analysis tools
- Solid verbal and written communication skills
- Solid teamwork and cross group collaboration skills
- Ability to deal with ambiguity
- Previous management experience a plus but not required for the right candidate
Company Type: Public Company
Company Size: 10,001+