Microsoft Azure is at the center of Microsoft’s cloud services strategy and the future of Microsoft. Azure brings together virtualization, compute, storage, authentication, authorization, media and more to enable anyone to bring their business in the cloud. The Azure Security Engineering organization focuses on ensuring a secure Azure platform for developers and a secure experience for millions of users worldwide. The Azure Security Assurance team is seeking a Security Engineer with demonstrated experience in hardware, firmware, drivers, and other low-level components. As part of the Security Assurance team, you will perform security reviews, penetration testing, vulnerability analysis, develop solutions to remediate selected vulnerabilities, and provide consultation to teams to help them develop hardware, firmware, and related components securely.
We are looking for a detail-oriented, self-motivated, and highly communicative engineer who can geek out on the security details of a BMC, JTAG interfaces, FPGAs, disk controllers, and a wide variety of other low-level components. You will play a key role in advancing security by working with other Security Engineers, Program Managers, and Developers throughout the Azure organization to instill an “Assume Breach” security mindset and culture in our lowest level components. You will also be a mentor for junior peer engineers, helping them grow as security engineers, and participate in the broader Microsoft and industry-wide security community to advance the state of the art.
Key responsibilities include:
-Penetration testing: you will examine chosen target systems in detail, looking for vulnerabilities and weaknesses, and, in collaboration with other penetration testing and red teams around the company, demonstrate the value of an “assume breach” mentality.
-Emerging Threat and Vulnerability Research - You will be expected to be stay on top of emerging threats which affect cloud services through collaboration and original research, including proactive security research on the technologies that Azure, and our customers utilize and depend on. A very high level of creativity and thirst for knowledge are a must.
-Security Assessments - Parlaying research and knowledge into threat models and security assessments of Azure services, platforms and infrastructure. You have a goal to prioritize areas of security risk while identifying and addressing risks that affect Azure’s ability to protect, detect, investigate, and recovery from security vulnerabilities and targeted attacks.
-Security Code Reviews - Prioritize Azure’s highest risk features and review source code for security defects. File bugs on security defects that help remove potentially exploitable bugs from code and improve the security of Azure services. Tool Prototypes & development to automate penetration testing and the detection of vulnerabilities across a suite of Azure services
-Contribute to policies - Contribute to cross-company teams to ensure that our learnings are properly reflected in development and acquisition policies, standards, and practices, to ensure the lowest practical likelihood of repeating mistakes.
To thrive in this position, you will need a deep technical understanding of a broad technology set and the ability to learn new information at a rapid pace. Previous experience in security consulting, penetration testing, and general hacking are important, but a desire to take on big challenges and help improve the overall service engineering process is equally vital.
-Bachelor of Science, Bachelors, BA, BA CS, Computer Science, Mathematics, Engineering degree or equivalent experience
-7 years of experience in hardware security and/or software engineering
-Deep knowledge of hardware and low-level security issues, general security and a strong engineering and development skillset.
-Deep and broad understanding of security vulnerabilities and attacks (Hardware, Software, Network, and People) and ability to apply them or find new ones based on new technology being developed.
-Detailed knowledge of hardware virtualization and related code-isolation technologies, including Hyper-V and other hypervisors, containers, para-virtualization, application virtualization.
-Detailed understanding of encryption, containers, operating systems including Linux and Windows
Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings:
Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to firstname.lastname@example.org.
A little about us:
Microsoft offers training and employment opportunities to help you turn your military experience and skills into a civilian technology career.