Microsoft Corporation SECURITY SOFTWARE ENGINEER II in Redmond, Washington

Do you enjoy breaking things technically but are also capable of providing insight into fixing the issues identified? Is your passion understanding the security ramifications of software systems? What about the opportunity to work at the kind of scale most companies only dream of? Then this is an opportunity you may be interested in. Microsoft’s Windows and Devices Group (WDG) is responsible for some of Microsoft’s largest and most important online services including the Universal Store, Xbox LIVE, Microsoft Game Studios, and more.

To support such a diverse portfolio, WDG has a world class application security team. Our goal is to ensure a secure experience for millions of users all over the world. This team is primarily focused on application security but also work closely with our offensive and defensive security teams to continually improve our security posture and promote awareness.

The main responsibilities of this role include:

● Scope, plan and perform manual component reviews of our most risky services.

● The team uses various techniques such as: fuzzing, source code review and reverse engineering to find vulnerabilities in these critical components of WDG services or the services they rely on.

● Help identify and develop new static and runtime analysis capabilities and checks so that software security bugs in code can be found quickly and with high confidence. Push the cutting edge when it comes to automated analysis of managed code and modern web services.

● Perform Research, Training, and Tool Development to support the function.

Basic Qualifications:

● 3+ years of software development experience.

Successful candidates will have:

● BS or MS in Computer Science, a related field, or equivalent experience

● Strong coding skills including C#, HTML, ASP.NET, Node JS, JavaScript, etc.

● Experience testing web services, identifying and remediating OWASP top 10 security flaws, and understanding large complex systems quickly

● Experience of penetration testing and/or static code analysis

● Strong background in customizing static, dynamic and runtime analysis tools

● Solid verbal and written communication skills

● Solid teamwork and cross group collaboration skills

● Ability to deal with ambiguity

● Previous management experience a plus but not required for the right candidate

WDGSecurity

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to askstaff@microsoft.com.

Development (engineering)