Offensive Security Engineer

Redmond, Washington, United States

Microsoft

Entdecken Sie Microsoft-Produkte und -Dienste für Ihr Zuhause oder Ihr Unternehmen. Microsoft 365, Copilot, Teams, Xbox, Windows, Azure, Surface und mehr kaufen

View all jobs at Microsoft

We are looking for a Offensive Security Engineer to join our team! Are you looking for a challenge that puts you at the center of the Microsoft Edge + Platform Security Fundamentals (EPSF) strategy? Are you passionate about solving the security challenges of critical online services? Are you passionate about Offensive Security?  

Microsoft's EPSF (Edge + Platform Security Fundamentals) team is responsible for securing some of Microsoft's largest and most influential online services in the Azure Edge & Platform (AEP) organization. The EPSF Services Pentest (SERPENT) team needs an Offensive Security Engineer to increase our business partners' security posture.  

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

 

Responsibilities

EPSF Security has a world-class penetration testing team that helps ensure a secure experience for millions of users worldwide. We primarily focus on offensive security and application security and work closely with our defense teams to continually improve our operational awareness.  

 

  • Penetration Testing: Identify security vulnerabilities and their variants in critical services using various techniques such as source code reviews, dynamic analysis, operational security assessments etc. and validate software quality following our development standards. 
  • Security Automation: Participate in developing static and runtime analysis capabilities to find software security bugs quickly and with high confidence. Push the cutting edge when it comes to automated analysis of managed code and modern web services. 
  • Research, Training, and Tool Development: Perform research to stay current with bleeding edge of penetration testing, offensive, and defensive tools, and tactics. Leverage the output of this research for training and awareness across EPSF Security and innovation development efforts. 

 

Other

Qualifications

Required Qualifications: 

  • 3+ years experience in identifying security vulnerabilities, software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection.
  • 3+ years of experience in identifying security vulnerabilities in online services through penetration testing 

 

 

Other Requirements: 

 

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: 

Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter 

 

Additional or Preferred Qualifications

  • 4+ years experience in identifying security vulnerabilities, software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection
    • o OR Master's Degree in Statistics, Mathematics, Computer Science or related field.
  • BS or MS in Computer Science, a related field, or equivalent experience
  • coding skills 
  • background in customizing static, dynamic, and runtime analysis tools.  
  • Experience in technical disciplines outside security space, including general software development, networking, database management, and full-stack development, is a plus. 
  • Demonstrated coding skills in one or more popular languages and platforms such as: C#, Java, Python, and others. 
  • Bachelor of science or master’s degree in computer science, software engineering, information security or equivalent work experience. 
  • CISSP, OSCP, GCIA, or SANS certifications is a plus. 

Penetration Testing IC3 - The typical base pay range for this role across the U.S. is USD $98,300 - $193,200 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $127,200 - $208,800 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay


Microsoft will accept applications for the role until August 27, 2024

 

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.  We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

 

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

Job stats:  7  0  0

Tags: Application security Automation Azure C CISSP Cloud Computer Science Full stack GCIA Java Mathematics Offensive security OSCP Pentesting Python SANS SDLC Security assessment Strategy Vulnerabilities

Perks/benefits: Medical leave

Region: North America
Country: United States

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.