Senior Security Engineer, Enterprise Client & Mobility

Full Time
Redmond, WA
Industry: Computer Software
Areas of Interest: Software Assurance and Security Engineering, Strategic Planning and Policy Development
report a problem
Overview


Be What's Next
Transform your career with Microsoft Services

Do you love the practical aspects of cyber security?   Are you interested in working with a team driving world-class security for the Enterprise Client & Mobility (ECM) Security Services team?   Can you scale to meet the challenge of securing a service used by millions of people every day?   The ECM Security team, part of Microsoft’s Cloud & Enterprise (C&E) division, is looking for an experienced security engineer who has worked with online services in delivering strategic innovative security designs as well as working with the infrastructure teams in solving day to day compliance and business growth needs.

Responsibilities:

  • Define and lead programs that support and align with a cloud based online service strategy and engineering requirements for evolving information security services, mechanisms, and safeguards.
  • Lead the development and implementation of cloud based security policies and procedures, control standards, and operational practices.
  • Partnering with engineering, program management and operations personnel within the service delivery organization to implement changes to process and technology.
  • Developing metrics that demonstrate current risk state, indicators of progress, and business alignment for those activities.
  • Lead the on-going operational security assessment and measurement of information security risk objectively and consistently.
  • Analyzing threats and current security controls to identify gaps in current defensive posture.
  • Identify appropriate technology/data sources and drive the collection of data necessary to effectively evaluate threats.
  • Ensure that operational, security incident trends and observations are considered with regard to the evolution of the ECM Platform's information security services and capabilities.  
  • Work in active partnership with C&E security teams and other cross company stakeholders to understand business and technical requirements and develop supporting security principles and objectives that will enable alignment and growth.
  • Work in active partnership with development teams during operational security reviews providing leadership and security design guidance.
  • Communicate threat and vulnerability observations clearly to leaders and subject matter experts.
  • Acts as a liaison to Compliance and internal audit departments and work in conjunction with technical counterparts to remediate audit and security findings.
  • Developing metrics that demonstrate current risk state, indicators of progress, and business alignment for those activities.
  • Formally and informally respond to regulatory audit requests with regard to information security services, mechanisms, and safeguards.
  • Help develop communications and actively promote related campaigns for information security awareness across ECM.
  • Keep current on organization's business practice, technology, security issues and legislation that impact the company’s security policy.
  • Communicating objectives, strategies and progress to stakeholders.

Basic Qualifications:  

  • BS or BA in Computer Science, Information Systems, Information Technology or a related field or 4 years of equivalent Security or Compliance-related experience.
  •  5+ years’ professional experience in a cloud-based or online services security engineering or service engineering role.  
  • 5+ years’ experience in a compliance related activity in a cloud-based or online services environment.  
  • 5+ years’ experience in program management, ideally creating a security framework, SIRRP process and/or forensic handling methods.
  • 5+ years’ experience in working on large-scale online cloud based services.
 

Preferred Qualifications:

  • Experience creating a reusable security framework working with Corporate security and broader corporate programs highly preferred.
  • Have either worked on or been part of an online service compliance team and have completed 2 or more annual audit cycles is highly regarded.
  • Demonstrated critical thinking skills; familiar with tools for structured decision making.  
  • Able to form working relationships and drive alignment with diverse stakeholders.

 

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings:

 

Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

 

 

Microsoft is an equal opportunity employer.   All qualified applicants will receive consideration for employment without regard to race, color, gender, sexual orientation, gender identity or expression, religion, national origin, marital status, age, disability, veteran status, genetic information, or any other protected status.



Share this job:

Microsoft

Be What's Next Transform your career with Microsoft Services
Come as you are. Do what you love. At Microsoft we help people and businesses throughout the world realize their full potential. We make this simple mission come to life every day through our passion to create technologies and develop products that touch just about every kind of customer. Working at Microsoft gives you the opportunity to do things that make a real difference in millions, even billions, of lives. To reach your full potential. So why not take a closer look at Microsoft? We think you’ll find that amazing things really do happen here.
Visit Microsoft's Social Media pages:
Company Industry: Computer Software
Company Type: Public Company
Company Size: 10,001+