CASY-MSCCN Jobs

Adaptive cloud is a new and exciting domain, combining both cloud and edge infrastructure, providing Microsoft customers with a seamless experience, regardless of where they run their workloads. Security is a priority for our customers in this domain, that contains a complex threat model, regulatory scrutiny, and product complexity.

The Edge & Platform Security Fundamentals (EPSF) org ensures we ship the world's most secure operating systems, cloud platforms, and edge devices. We conduct research into the highest priority attack surfaces and scenarios, including into Microsoft strategic investments such as Adaptive Cloud, AI, and next generation OS. Our research teams include leading researchers in this domain, finding and fixing critical issues. Aside from security research, we also emphasize a move to shift-left the discovery of security incidents via automation to reduce toil and tax on Microsoft engineers.

In this role, you will contribute to the development and execution of the security vision, roadmap, and priorities for the EPSF IL group, collaborating closely with the security researchers in EPSF IL. You will map new domains, analyze potential targets for research, prioritize and schedule security assessments and sync them with the development efforts, define processes to ensure adherence to EPSF security recommendations across product groups, and monitor their implementation. You will serve as the primary contact point for product teams engaging with EPSF IL, understanding their requirements and security challenges. You will also be the main contact point to the broader EPSF PM organization, ensuring alignment across geos, and a unified strategy. You will gather data and present metrics reflecting progress towards EPSF IL goals, triage incoming queries, and maintain visibility into new products being developed.

Responsibilities

• Help develop and drive the security vision, roadmap, and priorities of the EPSF IL group.

• Prioritize and schedule security assessments and development work in coordination with EPSF IL Security researchers.

• Help define the processes to ensure product groups are following and addressing security recommendations, and monitor these recommendations are applied.

• Defining objectives, key results, and corresponding work items for EPSF IL teams, in coordination with EPSF IL staff.

• Serve as the focal point of EPSF IL for engineering product teams, understand product teams requirements and security pain points.

• Serve as the main contact point to the broader EPSF PM org, aligning our goals and standards to the greater EPSF.

• Collect data from Engineering Systems and other sources to present metrics that show progress towards EPSF goals.

• Triaging incoming questions to the EPSF IL team and ensuring that questions get responses.

• Ensure we have visibility into products and features being developed under EPSF purview.

Qualifications

• Bachelor’s degree in engineering, product/technical program management, product development, security, or equivalent experience.

• 8-12 years of engineering, security, or any other technical experience.

• Out of which 3+ years' experience as a Security Program or Product Manager.

• Experience working with Security teams, product groups and operational teams.

• Experience analyzing products, identifying potential security risks, and prioritizing security research/development.

• Experience planning, researching, and developing security policies, standards, and procedures.

• Demonstrated verbal/written communication and data presentation skills, including communicating effectively with different business groups and project teams.

• Ability to collaborate with others and work as a team and with stakeholders across the globe.

Preferred qualifications

• Experience in hands-on security research, security architecture and vulnerability findings.

• Experience in vulnerability management & disclosure, security issues triage, fix and coordination across multiple teams and stakeholders, including cross company.

• Previous experience in hackathons coordination and participation, including with external partners.

• Knowledge in security mitigations, as well as automation tools such as fuzzers, static analyzers and other scanners.

#EPIL #EPSFIL

Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations (https://careers.microsoft.com/v2/global/en/accessibility.html) .