Program Manager 2

Core Services Engineering builds and manages the critical products and services that Microsoft runs on. We boldly pursue big ideas that power transformational advances at Microsoft and for our customers, while helping Microsoft teams work smarter, faster and more securely every day. Core Services Engineering employees have deep technical and business expertise, customer insights, and a clear point of view that comes from first-hand, large-scale experience with Microsoft and industry solutions. We are engineers, technology leaders and experts, digital transformation change agents, and customer advocates. We have exciting opportunities for you to innovate, influence, transform, inspire and grow within our organization and we encourage you to apply to learn more!

We are looking for an information security analyst to help teams meet adapting to meet modern and enhanced security requirements. You will develop solutions that balance business and technical requirements and defend those solutions to senior leadership. You’ll be developing technical and administrative controls, working with teams to understand mitigation requirements, and assessing the level of residual risk. Where business needs require, you will assess requests for exceptions to security policies.

The ACE team is the assessment & advisory arm of Microsoft’s Enterprise security organization. Our team is a dynamic organization chartered with providing Line of Business, Supply Chain and Venture Integration Security assurance as well as advisory services to both Microsoft and a few selected high priority customers to help effectively identify and mitigate security risks. We are a high energy, highly collaborative team with a very healthy organization and we are deeply committed to have a dramatic impact as a team.

The Microsoft enterprise has modernized its engineering practices and continue to push the envelope for faster innovation by leveraging true DevOps, automation and agile approaches to design and develop Line of Business applications.

The successful candidate for this role will work across teams and engineering teams to deliver security assessments and guidance for Line of Business applications and infrastructure.

Key responsibilities:
• Ensure that the controls, platforms, and tools which support the assessment processes are aligned to the latest security trends and engineering models.
• Work with Microsoft engineering teams to advocate security & risk management into their businesses.
• Work autonomously as well as in team environments, often in stressful, high impact situations.
• Analyze requests for exceptions to security policies and procedures.
• Identify the risk of granting the exception.
• Work with requestors to develop mitigations.
• Present conclusions to senior leadership for approval. This position is based in Redmond, WA, and may require occasional travel (less than 10%).

Knowledge, experience and skills:
• Strong technical skills - identity and access management, network security and operations, cloud technologies and other infrastructure
• Strong collaboration and team player skills.
• Enjoy helping your peers to be great
• Excellent written, verbal and presentation skills
• Manage ambiguity, with an ability to drive clarity with the ability to see the big picture
• Highly motivated to have a strong and long-lasting impact
• Strong cross group and the ability to negotiate with senior talent across the company is critical.
• A growth mindset is critical as we are looking for new ways to engage and scale our programs

Preferred skills, not required:
• 5+ Year experience working in information security
• 5+ Year experience in program management
• Knowledge of static, dynamic and runtime security technologies for the enterprise.
• Working knowledge information security and risk management processes and controls including security operations, security architecture, security assessments, security engineering, risk management and compliance.
• Experience working cross-group and on multiple projects at one time.
• Preferred certifications: CISSP, SSCP, MCSE, CCNP

The ideal candidate will have experience in a team environment, experience in conducting technical assessments and providing guidance to remediate security gaps. In addition, this position requires an individual who can demonstrate the ability to work in a fast-paced environment with other members of DSRE and through partnership with engineering teams. Ability to communicate with business and security decision makers is crucial.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to