Security Engineer II -CTJ - Poly

Do you want to find and exploit security vulnerabilities that impact hundreds of millions of users? Join the M365 Penetration Testing team where you'll emulate real-world attacks against Microsoft 365 services. We help ensure our services are ready to face and respond to even the most determined adversaries by exploring new ways to find and prevent security flaws.

We are looking for a Security Engineer II to work alongside teammates experienced in identifying and exploiting vulnerabilities in all layers of the services including application, cloud, network, and operational security domains. You'll also have the opportunity to work across Microsoft with developers and security personnel across multiple teams. Your work will help protect some of the largest and most complex services in the world, including Exchange Online, SharePoint Online, Microsoft Defender, and Microsoft Teams.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Responsibilities

1. Discover and exploit vulnerabilities end-to-end in order to assess the security of services.
2. Execute Red Team operations using real world adversarial tactics and techniques to validate a production service's ability to detect, investigate, and respond.
3. Advocate for security change across the company through building partnerships and clearly communicating impact of risks.
4. Develop tools and techniques to scale and accelerate offensive emulation and vulnerability discovery.
5. Collaborate with Blue Teams to improve readiness and produce solutions for defenders and customers.
6. Research new and emerging threats to inform the organization, improve red teaming efficacy and accuracy, and stay relevant.
7. Assist other team members and pen testers at Microsoft in offensive techniques and approaches.
8. Team up with other Offensive Security personnel at Microsoft to leverage the latest trends, and identify good opportunities for attack.
9. Work directly with external test teams in assessing our environments.
10. Advocate for new work items and testing approaches to continuously improve offensive activities.
11. Maintain and assure quality of supported tools and services from pen test.
12. Any other reasonable activity required by management.

Qualifications

Required/Minimum Qualifications:

1. 3+ years experience in any of the following: identifying security vulnerabilities, software development lifecycle, Software Engineer in Test (SET/SDET), large-scale computing, modeling, cyber security, or related security discipline.

Other Requirements

Security Clearance Requirements: Candidates must be able to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings:

1. The successful candidate must have an active U.S. Government Top Secret Clearance with access to Sensitive Compartmented Information (SCI) based on a Single Scope Background Investigation (SSBI) with Polygraph. Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. Failure to maintain or obtain the appropriate U.S. Government clearance and/or customer screening requirements may result in employment action up to and including termination.
2. Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
3. Citizenship & Citizenship Verification: This position requires verification of U.S citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local United States government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, citizenship will be verified via a valid passport, or other approved documents, or verified US government clearance.