Security Program Manager
Be a part of ground breaking innovation in one of the top research organizations in the world. The Artificial Intelligence + Research (AI+R) organization is looking for an exceptional Technical Security Compliance Program Manager to join our Security Compliance team supporting Microsoft’s Research & Incubation (R&I) organization. Our mission is to enable R&I to be the value creation engine for Microsoft by providing a comprehensive release program that enables innovation while ensuring our information and services are protected. We support research teams across the globe in driving advances in research areas, such as Artificial Intelligence, Quantum computing and Cryptography.
We’re looking for a strong, self-directed technical individual who wants the challenge of being the vulnerability management and threat detection PM to come help build our team. If you enjoy being part of what’s next in research and technology, and partnering with researchers and engineering teams to build secure and creative solutions, then this is the job for you!
This is a trusted advisor role where you will be expected to enhance the security compliance program and evangelize security as a research enabler and differentiator. You will be working side by side with other compliance partners, conducting technical security assessments in support of company-wide compliance objectives for security controls. And, you’ll be responsible for driving projects and solutions that help ensure that Artificial Intelligence and Research security collectively aligns to our broader organizational obligations, as well as stakeholder expectations and business needs.
The successful candidate will have a passion for Security, with a strong desire in data analysis and solid capabilities in software engineering, with a proven track record of driving process, tooling and automation improvements based on this analysis. You will get to work closely with compliance SMEs, the Release Program owners, and the best researchers around the globe, so the right individual will have a strong business acumen and be open to a growth-oriented collaborative work-style. You will have the freedom to work independently, be thrust into ambiguous learning experiences and be empowered to drive decisions and solutions to protect this organization, so this person must be agile, willing to learn and not afraid to fail fast.
If you think you got what it takes, and you would enjoy being part making the future, “without a net”, come talk to us.
• Define and drive execution of vulnerability management & threat detection strategy for protecting AI+R services
• Build and deploy tools and automation in support of vulnerability and threat discovery activities.
• Build data visualizations and dashboards in support of security compliance needs.
• Coordinate automated scanning and collection of security configurations and asset inventory
• Own Azure Secure onboarding for online service releases
• Partner with research teams as a security subject matter expert during design/planning stages to help ensure service health requirements are designed and meet compliance objectives.
The individual will also be expected to contribute the following:
• Understand the competitive landscape and provide proactive security guidance to teams
• Identify and drive decisions by appropriately escalating security issues
• Educate teams on security practices and requirements that are relevant and adoptable by researchers and engineers
• Understand emerging issues and apply that in day-day work.
•A passion for deeply understanding customer needs, protecting customer data and enabling the business.
•Attention to detail and willingness to dive into technical details
•2+ years data query and machine learning experience with one or more of the following: nosql, MongoDB, DocumentDB, Azure Data Lakes, Cosmos DB, or SQL
•2+ years in any operational security related field experiences, including but not limited to: identity management, information protection, threat detection, or incident response.
•2+ years of hands on practical experience in asset discovery, patch compliance.
•2+ years with vulnerability scanning tools, such as Qualys, OSQuery, PDQ, Devops Secure Toolkit
High enthusiasm, integrity, ingenuity, results-orientated, self-motivated, and resourceful
•Host Security: Experience with host secure configuration practices, patch management, vulnerability detection.
•Hands-on Experience with Geneva, Azure Security logging & Monitoring (SLAM), Windows Defender, Defender ATP, OMS, Azure Security Center.
•BA/BS/MS in data science, computer science or security, -or- related field and work experience equivalent to 3-5 years specialization in Security, development or data science engineering
•Security industry accepted certifications (CISSP, A+, CEH)
•2+ years professional experience in data science, machine learning, reporting and data visualization practices.
•2+ years professional experience in security consulting or in a dedicated security function
•2+ years professional program management experience building software solutions
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to firstname.lastname@example.org.