Principal Penetration Testing Engineer (Technical Lead)

Redmond, Washington, United States

Microsoft

Explore Microsoft products and services for your home or business. Shop Microsoft 365, Copilot, Teams, Xbox, Windows, Azure, Surface and more


Do you enjoy breaking things technically but are also capable of providing insight into fixing issues at scale? Do you have a passion for all kinds of offensive security work? What about the opportunity to work at the kind of scale most companies only dream of?

 

Are you looking for a challenge that puts you at the center of the Microsoft Edge + Platform Security Fundamentals (EPSF) strategy? Are you passionate about solving the security challenges of critical online services? Are you passionate about Penetration Testing? If so, we have an opportunity for you! We are looking for a Principal Penetration Testing Engineer (Technical Lead).

 

Microsoft's EPSF (Edge + Platform Security Fundamentals) team is responsible for securing some of Microsoft's largest and most influential online services in the Azure Edge & Platform (AEP) organization and Windows Devices organization (W+D). The EPSF Services Pentest (SERPENT) team needs an Offensive Security Engineer to increase our business partners' security posture.

 

We have a world-class offensive security team that helps to ensure a secure experience for billions of users all over the world. Our team is primarily focused on identifying systemic vulnerabilities across application, network, and operational security domains. We work closely with both our product and defense teams, providing an offensive perspective to their business.

 

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Responsibilities

EPSF Security has a world-class penetration testing team that helps ensure a secure experience for millions of users worldwide. We primarily focus on offensive security and application security and work closely with our defense teams to continually improve our operational awareness.

As a Principal Penetration Testing Engineer (Technical Lead), your responsibilities will include the following:

People Management

  • Managers deliver success through empowerment and accountability by modeling, coaching, and caring.
  • Model - Live our culture; Embody our values; Practice our leadership principles.
  • Coach - Define team objectives and outcomes; Enable success across boundaries; Help the team adapt and learn.
  • Care - Attract and retain great people; Know each individual’s capabilities and aspirations; Invest in the growth of others.

Discovery of Problems/Identifying Vulnerabilities

  • Provides strategic guidance to teams on priorities, tactics, evaluation strategies, and development of methodologies. Ensures teams are resourced to achieve results. Escalates recommendations and mitigations and advocates for follow through as needed. Helps to establish standards and rules of engagement across the company. Identifies and implements appropriate metrics for organization.

Solution Engineering

  • Works across multiple teams, divisions, and functional areas to support technical implementation of solutions that increase the ability to harden against, detect, and mitigate issues (e.g., malware, reverse engineering). Ensures teams develop and maintain areas of expertise, expand into new areas of expertise, and share best practices across teams.

Communication/Influence

  • Works across multiple functional areas and/or stakeholders to provide technical perspective. Synthesizes perspectives to inform Microsoft's position on security issues and prioritize points for advocacy. Influences Microsoft's standing in the industry. Builds structural relationships to enable streamlined and efficient communications and collaboration.

Other

Qualifications

Required Qualifications

  • 9+ years experience in identifying security vulnerabilities, software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection.

Other Requirements

Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:

  • Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Preferred Qualifications

  • Master's Degree in Statistics, Mathematics, Computer Science or related field OR 10+ years experience in software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection.
  • 10+ years experience in identifying security vulnerabilities, software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection.
  • OR Master's Degree in Statistics, Mathematics, Computer Science or related field.
  • CISSP, OSCP, GCIA, or SANS certifications are a plus.

Penetration Testing IC6 - The typical base pay range for this role across the U.S. is USD $161,600 - $286,200 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $209,600 - $314,400 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

Microsoft will accept applications for the role until October 16, 2024.

 

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

 

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.


Tags: Application security Azure CISSP Cloud Computer Science GCIA Malware Mathematics Offensive security OSCP Pentesting Reverse engineering SANS SDLC Strategy Vulnerabilities Windows

Perks/benefits: Medical leave

Region: North America
Country: United States
