Principal Penetration Testing Engineer (Technical Lead)

Job Opportunity: Principal Penetration Testing Engineer (Technical Lead)

Do you enjoy breaking things technically but are also capable of providing insight into fixing issues at scale? Do you have a passion for all kinds of offensive security work? What about the opportunity to work at the kind of scale most companies only dream of?

Are you looking for a challenge that puts you at the center of the Microsoft Edge + Platform Security Fundamentals (EPSF) strategy? Are you passionate about solving the security challenges of critical online services? If so, we have an opportunity for you!

Microsoft's EPSF (Edge + Platform Security Fundamentals) team is responsible for securing some of Microsoft's largest and most influential online services in the Azure Edge & Platform (AEP) organization and Windows Devices organization (W+D). The EPSF Services Pentest (SERPENT) team needs an Offensive Security Engineer to increase our business partners' security posture.

We have a world-class offensive security team that helps to ensure a secure experience for billions of users all over the world. Our team is primarily focused on identifying systemic vulnerabilities across application, network, and operational security domains. We work closely with both our product and defense teams, providing an offensive perspective to their business.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees, we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals.

Responsibilities

As a Principal Penetration Testing Engineer (Technical Lead), your responsibilities will include the following:

People Management

• Deliver success through empowerment and accountability by modeling, coaching, and caring.
• Live our culture; embody our values; practice our leadership principles.
• Define team objectives and outcomes; enable success across boundaries; help the team adapt and learn.
• Attract and retain great people; know each individual’s capabilities and aspirations; invest in the growth of others.

Discovery of Problems/Identifying Vulnerabilities

• Provide strategic guidance to teams on priorities, tactics, evaluation strategies, and development of methodologies.
• Ensure teams are resourced to achieve results; escalate recommendations and mitigations and advocate for follow through as needed.
• Help to establish standards and rules of engagement across the company.
• Identify and implement appropriate metrics for the organization.

Solution Engineering

• Work across multiple teams, divisions, and functional areas to support technical implementation of solutions that increase the ability to harden against, detect, and mitigate issues.
• Ensure teams develop and maintain areas of expertise, expand into new areas of expertise, and share best practices across teams.

Communication/Influence

• Work across multiple functional areas and/or stakeholders to provide technical perspective.
• Synthesize perspectives to inform Microsoft's position on security issues and prioritize points for advocacy.
• Influence Microsoft's standing in the industry and build structural relationships to enable streamlined and efficient communications and collaboration.

Other

• Embody our culture and values.

Qualifications

Required Qualifications

• 9+ years experience in identifying security vulnerabilities, software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection.

Other Requirements

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role.

• Microsoft Cloud Background Check : This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Preferred Qualifications

• Master's Degree in Statistics, Mathematics, Computer Science or related field OR 10+ years experience in software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection.
• CISSP, OSCP, GCIA, or SANS certifications is a plus.

The typical base pay range for this role across the U.S. is USD $161,600 - $286,200 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $209,600 - $314,400 per year.

Microsoft will accept applications for the role until October 16, 2024.

Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to any characteristic protected by applicable local laws, regulations and ordinances.