Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
Microsoft’s Customer Security and Trust (CST) organization in Corporate, External and Legal Affairs (CELA) Division has an immediate opening for a S oftware Engineer- Security and Privacy role in our engineering group (CST-E) . CST-E develops, deploys, and operates tools, services, and solutions critical for CST mission to protect our customers and promote global trust in Microsoft by ensuring compliance, enhancing security and transparency, and leading the fight against cybercrime as part of Microsoft Digital Crimes U nit and other operations with global impact .
This role will be part of the CST-E Security and Privacy Engineering Team , contributing to security initiatives within the organization and across Legal Division with the opportunity of bigger impact. You will contribute to strategic projects and assignments to help increase the security posture of cloud infrastructure and services, assessing security and privacy risks and contribute to improvements and remediation of issues.
This is a unique opportunity within Microsoft to work in a dynamic and collaborative team with impact across many services harvesting the power of the cloud , apply your Security and technical skills to empower analysts and investigators to keep our digital world safe for consumers and businesses across the globe.
A successful candidate will be passionate about secure development practices and architecture , reliability, cloud computing and automation necessary to strengthen the resiliency and security posture of our services and infrastructure .
Qualifications:
Basic qualifications:
- Bachelor’s Degree in Computer Science or related technical field AND 2+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python
- OR equivalent experience.
Other Requirements:
Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Preferred qualifications:
- Experience with infrastructure as codes and Azure DevOps pipelines
- Experience with secure development practices, identifying and fixing security issues in design, code and infrastructure
- In-depth knowledge of common security vulnerabilities and associated mitigations
- Familiarity with static and dynamic code analysis tools
- CISSP Certification (Certified Information Systems Security Professional) and / or SANS Security Training (Security Awareness Training)
- Experience with PowerShell and Phyton
- Experience with Containers and Azure Kubernetes including security best practices
- Security experience in modern AuthN/ AuthZ practices
- Understanding of cryptography
- Commitment to collaboration and teamwork and ability to deliver via influence
- Self-starter, who proactively identifies problems and drives for resolution
- 4+ years technical engineering experience with strong focus on security or related position
- 3+ years of experience with C# and .Net platform including design and implementation of cloud solutions
- 3 + years of experiences with Azure services, including containers (AKS ), App services, Azure Storage technologies, and best practices to secure these services
- 2 + years of working as part of an engineering team, or as a partner of the engineering team, to implement secure development lifecycle
Software Engineering IC3 – The typical base pay range for this role across the U.S. is USD $94,300 – $182,600 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $120,900 – $198,600 per year.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:
https://careers.microsoft.com/us/en/us-corporate-pay
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form .
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.
Responsibilities:
- EstablishstrongcollaborationwithEngineering team s in CST on new features,services, and updates to the product
- Participate in threat model reviews and help identify security flaws early in the design phases
- Assist teams to onboard and implement Security Development Lifecycle (SDL)
- Participate in security architecture reviews
- Fix security issues in code or infrastructure
- Perform code reviews to evaluate secu rity risks and improvements
- Build tools and automation as part of security initiatives across services
- Promote security awareness and provide training and good coding practices
- Supports operational security and security incidents as well as security reviews
- Help define, document, evolve, and evangelize secure engineering standards and best practices across multiple areas