Security Compliance Program Manager

Redmond, Washington, United States

Microsoft


Microsoft is looking for an exceptional technical Security Compliance Program Manager to join our Security Compliance team supporting Microsoft Research.  Our mission is to enable research as the value creation engine for Microsoft by providing a comprehensive release program that enables innovation while ensuring our information and services are protected. We support research teams across the globe in driving advances in research areas, such as Artificial Intelligence, Machine Learning, Health sciences, and Cryptography.   

 

We’re looking for a self-directed technical individual who wants the challenge of being the technical security SME to come help build our team. If you enjoy being part of what’s next in research and technology and partnering with researchers and engineering teams to build secure and creative solutions, then this is the job for you!

 

This is a trusted advisor role where you will be expected to enhance the security compliance program and evangelize security as a research enabler and differentiator. You will be working side by side with other compliance partners, conducting technical security assessments in support of company-wide compliance objectives for security controls. You will also gather requirements and build proofs of concept for improving visibility across our environments, and integrate new tools and automation for next-generation security and compliance. You will be responsible for driving projects and solutions that help ensure that Research is aligned to our broader business needs.

 

The successful candidate will have a passion for security, with an interest in data analysis and solid capabilities in software engineering. This candidate must demonstrate a proven track record of driving process, tooling and automation improvements based on data analysis. You will get to work closely with compliance SMEs, the Release Program owners, and the best researchers around the globe, so the right individual will have solid business acumen and be open to a collaborative, growth-oriented workstyle. You will have the freedom to work independently, be thrust into ambiguous learning experiences and be empowered to drive decisions and solutions to protect this organization, so this person must be agile, willing to learn and not afraid to fail fast.

 

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

 

If you think you've got what it takes, and you would enjoy being part of making the future, then apply now!

Responsibilities

  • Partner with research teams as a security subject matter expert during design/planning stages to help ensure Security requirements are designed and meet compliance objectives. 
  • Facilitate technical deep-dives and security threat model assessments to evaluate any concerns pre-release. Conduct application security reviews and penetration testing activities in support of releases.
  • Ensure releases comply with all internal Security Development Lifecycle (SDL) standards. Work with stakeholders to develop customized implementation guidelines for the division where needed.
  • Develop tools and automation in support of review and data collection activities. Build data visualizations and dashboards in support of security compliance needs. 
  • Handle incident response activities; coordinate teams, and help triage and handle vulnerabilities and reported events. 

 

The individual will also be expected to contribute the following: 

  • Understand the competitive landscape and provide proactive security guidance to teams 
  • Identify and drive decisions by appropriately escalating security issues  
  • Educate teams on security practices and requirements that are relevant and adoptable by researchers and engineers 
  • Understand emerging issues and apply that in day-to-day work.

Qualifications

Required/Minimum Qualifications

 

  • 5+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection
    • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field
    • OR equivalent experience.
  • 3+ years of hands-on programming or data science experience in one or more of the following: C#, R, Python, PowerShell, TypeScript, JavaScript, Node.js
  • 3+ years of data query and machine learning experience with one or more of the following: NoSQL, MongoDB, DocumentDB, Azure Data Lakes, Cosmos DB, Kusto or SQL
  • 2+ years of experience in any operational security-related field, including but not limited to: identity management, information protection, threat detection, or incident response.

 

Preferred Qualifications:  

  • Application Security: Experience with common classes of software vulnerabilities such as buffer overflows, cross-site scripting, cross-site request forgery, SQL injection, and cryptographic weaknesses.  
  • BA/BS/MS in data science, computer science or security, -or- related field and work experience equivalent to 3-5 years specialization in Security, development or data science engineering 
  • Security industry accepted certifications (CISSP, A+, CEH) 
  • 4+ years professional experience in data science, machine learning, reporting and data visualization practices.  
  • 5+ years professional experience in a dedicated security or customer supporting function 

 

Security Assurance IC4 - The typical base pay range for this role across the U.S. is USD $117,200 - $229,200 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $153,600 - $250,200 per year. Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

Microsoft will accept applications for the role until October 29, 2024.

#research

 

 

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.  We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

 

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.


Tags: Agile Application security Artificial Intelligence Automation Azure C CEH CISSP Compliance Computer Science Cryptography Incident response JavaScript Machine Learning Mathematics MongoDB Node.js NoSQL Pentesting PowerShell Python Risk management Scripting SDLC Security assessment SQL SQL injection Threat detection TypeScript Vulnerabilities XSS

Perks/benefits: Career development Competitive pay Health care Medical leave Team events

Region: North America
Country: United States
