Penetration Tester

Overview

Are you looking for a challenge that puts you at the center of the Microsoft Security Fundamentals strategy? Are you passionate about solving the security challenges of Microsoft’s critical online services? Are you passionate about Penetration Testing?

Microsoft's Security Fundamentals team is responsible for securing some of Microsoft's largest and most influential online services in the Microsoft Specialized Clouds (MSC) organization and Windows Devices organization (W+D). The EPSF Services Pentest (SERPENT) team needs a Security Engineer to increase our business partners' security posture.

Responsibilities

MSC Security Fundamentals has a world-class penetration testing team that helps ensure a secure experience for millions of users worldwide. We primarily focus on online services security and work closely with our defense teams to continually improve our operational awareness.

Job Responsibilities

• Penetration Testing: Identify security vulnerabilities and their variants in critical services using various techniques such as source code reviews, dynamic analysis, operational security assessments etc. and validate software quality following our development standards.
• Security Automation: Participate in developing static and runtime analysis capabilities to find software security bugs quickly and with high confidence. Push the cutting edge when it comes to automated analysis of managed code and modern web services.
• Research, Training, and Tool Development: Perform research to stay current with the bleeding edge of penetration testing, defensive tools, and tactics. Leverage the output of this research for training and awareness across EPSF Security and innovation development efforts.

Qualifications

Minimum Qualifications:

• Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 1+ year(s) experience in security or related field OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 2+ years experience in security or related field OR equivalent experience.

Other Requirements

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to, the following specialized security screenings:

• Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Preferred Qualifications

• 3+ years of experience in identifying security vulnerabilities in online services through penetration testing.
• Demonstrated skills in one or more popular cloud platforms. Azure experience is a plus.
• Strong background in customizing static, dynamic security analysis tools.
• Solid verbal and written communication skills.
• Solid teamwork and cross-group collaboration skills.
• Ability to deal with ambiguity.
• Experience in technical disciplines outside security space, including general software development, networking, defensive security, database management, edge computing and full-stack development, is a strong plus.
• Demonstrated coding skills in one or more popular languages and platforms such as: C#, Python, and others.
• Bachelor of science or master’s degree in computer science, software engineering, information security or equivalent work experience.
• CISSP, OSCP/OSCE, GCIA, or SANS certifications is a plus.

Key skills/competency

• Penetration Testing
• Security Vulnerability Assessment
• Online Services Security
• Source Code Review
• Dynamic Analysis
• Security Automation
• Cloud Security (Azure)
• Static Analysis Tools
• Python
• C#