Senior Security Software Engineer in Raleigh, NC

Employer: Microsoft

Location: Raleigh, NC

Type: Full Time

The Azure DevOps team is looking for great software engineers to help developers safeguard against vulnerabilities and critical security risks. We are seeking a Senior Security Software Engineer who is passionate about security, code, and contributing to secure development best practices. In this this position you will focus on improving security of one of the world’s largest DevOps service providers.

Learn more about Azure DevOps and what we build here

What makes this a great place to work?

There are many things, but here are the highlights:

  • We are our own customer. We are the first ones to use everything we build.
  • The team is full of smart people who care about the work they do. They are also a pleasure to work with - We thrive on comradery, helping each other and having fun together.
  • We make a point of ensuring people have work-life balance. We offer 3 months paid paternity leave for men and 5 months for women, 12 paid holidays (in addition to your vacation and sick leave) and a flexible working schedule.
  • We have a new, modern office that finds the right balance between encouraging collaboration yet ensuring the ability to focus when needed.
  • We run a hosted service which means that we ship new features daily. The work you do has immediate benefits to customers.
  • Our compensation tends to be higher than most other companies in the area.

Responsibilities

Key team responsibilities include:

Security Risk Reduction – Identify, assess and prioritize the highest security risks, develop solution strategies, own remediation plans and execution to eliminate security defects and mitigate risk.

Secure Development - Develop code fixes, templates and security toolsets to resolve security bugs and address classes of vulnerabilities. Participate in Threat Model reviews and provide security guidance to teams. Be on the forefront of defending against emerging threats which affect cloud services, including resolution of internally and externally found vulnerabilities.

Security Education and Leadership - Be an expert in secure development, architecture, design, implementation, and validation and be available to answer questions and give guidance on addressing security vulnerabilities. Work with Security Assurance and Engineering teams to define, present and adopt new best practices for secure service development and operations.

Penetration Testing - Participate and drive red and purple team operations. Analyze the security of production and pre-production system using offensive security techniques. Perform research to stay current with penetration testing tools, methodologies, tactics, and mitigations. Outline and document risk impacts in executive summary reports and communications to relevant stakeholders.

Qualifications

To thrive in this position, you'll need a deep technical understanding of a broad technology set and the ability to learn new information at a rapid pace. Strong development and communication skills, ability to deal with ambiguity, and a very high level of creativity and inquisitiveness are a must. You will have a passion for security and breaking things, and the ability to think like an adversary.

Minimum Qualifications

  • Bachelors degree in Computer Science, Mathematics, Engineering degree or equivalent experience
  • 7+ years’ experience in security and software development

Preferred Qualifications

  • Deep and broad understanding of security vulnerabilities, secure coding and mitigations (Applications, Operating Systems, Network and cloud services)
  • Strong engineering and development skills required, including: C#, .NET, PowerShell and SQL
  • Ability to drive technical investigations, prototyping and development in a fast-paced startup environment
  • Excellent analytical skills as well as communication skills both verbal and written
  • Experience owning and implementing large scale and highly available cloud services or distributed systems
  • Strong customer focus and data driven approach
  • Experience optimizing automation, reliability and monitoring of production services

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to, the following specialized security screenings:

  • Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
  • Citizenship Verification: This position requires verification of US Citizenship to meet federal government security requirements.
  • Fingerprint Background Check: This position will be required to pass a customer required Fingerprint Background Check.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.