The Microsoft Intune team is focused on enabling enterprises to manage and secure the ever-increasing number and usage of devices in the workplace. Intune is a cloud-based enterprise service that gives IT professionals the solution they need to enable their users to be productive on their devices - whether corporate or personal - while helping ensure corporate assets and data are secure. The Intune service supports multiple platforms (Windows, iOS, Android, and Mac), and integrates with key online services at Microsoft - including O365, AAD, and Azure. The opportunity to help our customers and be seen as the leader in the multi-billion dollar mobility management market is huge - and critical to Microsoft’s ongoing success in the enterprise.
Being successful in the cloud requires earning and maintaining the trust of our customers - both IT Pros and end users. As an online service, privacy, security, and compliance must be cornerstones of everything we do. The Intune team is looking for a highly motivated individual who is passionate about tackling the challenge of securing a critical service used by millions of people/devices every day. The ideal candidate for this role is an experienced security engineer who has worked with online services in delivering strategic innovative security designs as well as working with the infrastructure teams in solving day to day security, compliance, and business growth needs.
• Define and lead programs that support and align with a cloud based online service strategy and engineering requirements for evolving information security services, mechanisms, and safeguards.
• Drive the development and implementation of cloud based security policies and procedures, control standards, and operational practices. Lead the on-going operational security assessment and measurement of information security risk objectively and consistently.
• Analyze threats and current security controls to identify gaps in current defensive posture.
• Identify appropriate technology/data sources and drive the collection of data necessary to effectively evaluate threats.
• Develop metrics that demonstrate current risk state, indicators of progress, and business alignment for our security posture.
• Work in active partnership with Microsoft Cloud & Enterprise security teams and other cross company stakeholders to understand business and technical requirements and develop supporting security. principles and objectives that will enable alignment and growth.
• Work in active partnership with development teams during operational security reviews providing leadership and security design guidance.
• Communicate threat and vulnerability observations clearly to leaders and subject matter experts.
• Act as a liaison to Compliance and internal audit departments and work in conjunction with technical counterparts to remediate audit and security findings.
• Formally and informally respond to regulatory audit requests regarding information security services, mechanisms, and safeguards.
• Help develop communications and actively promote related campaigns for information security awareness across the organization.
• Keep current on business practices, technology, security issues and legislation that impact our security stance and commitments.
• Partner with software engineering, program management and SRE personnel to implement changes to process and technology.
• Bachelor’s degree in Computer Science, Engineering, Information Systems, Information Technology or a related technical field or 4 years of equivalent Security or Compliance-related experience.
• 5+ years of professional experience in a cloud-based or online services security engineering or service engineering role.
• Technical depth - including ability to quickly come up to speed on new technologies or patterns - to successfully engage and communicate directly with software engineering teams in assessing security risk of backend services, platform services, APIs, stored procedures, secrets, etc.
• Experience creating a reusable security framework working with corporate security and broader corporate programs.
• Experience creating security incident response processes and working with forensic handling methods.
• Deep understanding and experience with security methodologies, architecture, and practices, as well as security threats and appropriate mitigations.
• Experience implementing and tracking policies and procedures, control standards, and operational practices for compliance.
• Exemplary interpersonal verbal and written communication skills, with the ability to assemble, document, and present technical information and status to leadership.
• Outstanding cross-group collaboration skills and proven ability to drive initiatives across organizations. Experience and knowledge with compliance and regulatory frameworks, such as GDPR, ISO 27001, SOC 1 and 2, FedRAMP, NIST.
Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings:
Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to firstname.lastname@example.org.
A little about us:
Microsoft offers training and employment opportunities to help you turn your military experience and skills into a civilian technology career.