Senior Security Engineer

Microsoft is a company where passionate innovators come to collaborate, envision what can be and take their careers further. This is a world of more possibilities, more innovation, more openness, and the sky is the limit thinking in a cloud-enabled world. 
 
Microsoft’s Azure Data engineering team is leading the transformation of analytics in the world of data with products like databases, data integration, big data analytics, messaging & real-time analytics, and business intelligence. The products our portfolio include Microsoft Fabric, Azure SQL DB, Azure Cosmos DB, Azure PostgreSQL, Azure Data Factory, Azure Synapse Analytics, Azure Service Bus, Azure Event Grid, and Power BI. Our mission is to build the data platform for the age of AI, powering a new class of data-first applications and driving a data culture. 

 

​​Within Azure Data, the databases team builds and maintains Microsoft's operational Database systems. We store and manage data in a structured way to enable multitude of applications across various industries. We are on a journey to enable developer friendly, mission-critical, AI enabled operational Databases across relational, non-relational and OSS offerings. 
​ 

​​​​Microsoft’s Azure Data, Databases Security team is hiring a Senior Security Engineer. Our team utilizes a variety of offensive security techniques to continuously evaluate and enhance the security posture of the organization and its offerings. We are dedicated to maintaining customer trust by staying one step ahead of the external attacker. We participate in both pre-release and post-release activities, conducting security reviews, penetration tests, and other ethical hacking exercises. Our team is highly collaborative.  
 
We partner with a corresponding blue team to improve monitoring and detection in the classic attack/defend paradigm. We partner with the databases’ product teams to drive security improvements in their products and processes. We even partner outside of our organization with other security teams across the company to identify systemic risks and share knowledge of attacks and techniques. As a Senior Security Engineer, you will be at the forefront of such engagements and collaborations.  

​​ 

We do not just value differences or different perspectives. We seek them out and invite them in so we can tap into the collective power of everyone in the company. As a result, our customers are better served. 

Responsibilities

Security Assurance  

• Stay current on emerging security trends, vulnerabilities, and threat landscapes relevant to cloud and database systems. 
• Participate in security design and threat model reviews, offering clear guidance on tradeoffs and mitigation strategies. 
• Deliver broadly available security training based on learnings from previous exercises or incidents.  

Penetration testing  

• Ramp up and understand new designs, systems, and technology as they are built.  
• Conduct comprehensive penetration tests of features and large-scale applications and environments. This includes mapping out the surface area and assessing prioritization based on time, resources, and general importance of tradeoffs.  
• Find vulnerabilities in various spaces such as applications, native applications, database systems, authentication flows, distributed systems and designs, and protocols. Pulling from a flexible knowledgebase of topics such as OWASP, fuzzing, privilege escalation, networking, etc., to find both common and uncommon issues. 
• Navigate through an ecosystem of multiple domains, technologies, protocols, and stakeholders. 

Embody our culture and values 

Qualifications

Required/Minimum Qualifications 

• Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 3+ years' experience in security or related field OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years' experience in security or related field OR equivalent experience. 
• 3+ years' experience in identifying security vulnerabilities, software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection.    

Other Requirements 

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: 

• This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter. 

Preferred/Additional Qualifications 

• Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 6+ years experience in security or related field OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 8+ years experience in security or related field OR equivalent experience.
• Experience in a fast-paced competitive environment.   
• 5+ years of experience in penetration testing and/or red teaming for a large scale cloud services and infrastructure.
• Working Knowledge of security knowledge around native applications, web applications, distributed and database systems.  
• Understanding of security issues for large scale cloud services and network infrastructures 
• Experience working on security vulnerabilities and attacks (Hardware, Firmware, Software, Network, and People), and the ability to understand new ones based on new technology being developed.  
• Proficiency in Programming languages (C/C++, dotnet, JavaScript, Python, SQL, others) with expertise in troubleshooting and debugging skills. 

Penetration Testing IC4 - The typical base pay range for this role across the U.S. is USD $119,800 - $234,700 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $158,400 - $258,000 per year.  Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay      Microsoft will accept applications for the role until August 15, 2025.  

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.  We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

 

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

 

#azdat #azuredata #cloud #databases #appsec #pentest #redteam #offsec