Office 365 Security has its own full-time penetration test team, whose purpose is to assess the ability of Office 365 to prevent, respond to, and recover from, different types of malicious attacks. As a Software Engineer on the Office 365 Penetration Test Team (OPen), you will conduct these attacks while evading detection, communicate your findings to the affected teams, and work with engineers to understand how best to remediate and improve. Helping the service be ready for attack is ultimately our goal, and you will help accurately emulate the adversary so that O365 can be more prepared for its attackers.
As a Security Engineer in Office 365, you will play a key role in advancing the security of Office 365, working with all disciplines, including Incident Response teams and other pen test teams to advance and solidify a security-aware culture in Office 365, and to exercise security capabilities. Responsibilities include:
Penetration Testing - Parlaying research into actual exploits and doing in-depth hacking on Office 365 services. You will identify vulnerabilities through simulated external and internal attacks which validate Microsoft’s ability to prevent, detect, respond and recover.
Tool & Other Development – Develop a security toolset which increases the O365 penetration testing team's ability to find and exploit network, Windows, and web application vulnerabilities and increases the ability of Office 365 Pen Test to act as real attackers after breaching services. Additionally, you will provide tooling to help development teams do as much security assessment of their own services as possible.
Emerging Threat Research - Being on the forefront of emerging threats which affect online services. This includes research of externally found exploits as well as proactive research on technology Office 365 utilizes and depends on. Perform case studies of recent incidents affecting cloud providers.
Communication & Presentation - Be an expert in security and be available to O365 teams to answer questions and give guidance on addressing and detecting security vulnerabilities. Present findings through proof-of-concept exploits, white papers, bugs, presentations and Penetration Test reports.
To thrive in this position you will need to gain technical understanding of a broad technology set, the ability to pick up others at a rapid pace, strong technical and communication skills, ability to deal with ambiguity and autonomy, and a very high level of creativity and inquisitiveness.
• 1+ Years of industry design and development or information security experience
• Bachelors of Science, Bachelors, BA, BA CS, Computer Science, Mathematics, Engineering degree
• Strong Development skills, experience with multiple different languages
• Real passion for security and exploitation is the chief prerequisite
• Common web application security issue exploitation
• Active Directory
• Azure\AWS exploitation
• Use of Exploitation frameworks (such as Metasploit)
Candidates must be able to meet all federal government security screening requirements as indicated for this role. Federal security screening requirements call for applicant to verify U.S. Citizenship. Additional customer screening requirements may include additional items such as, but not limited to: specialized agency background checks (either national or local) and fingerprinting, as well as the ability to obtain a government personnel security clearance. All employees hired into roles supporting Cloud Offerings will also be required to pass Microsoft background checks prior to the start of employment and every two years thereafter.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to firstname.lastname@example.org.
A little about us:
Microsoft offers training and employment opportunities to help you turn your military experience and skills into a civilian technology career.