Security Software Engineer

Location
Cheltenham, Gloucestershire
Salary
Competitive salary + benefits
Posted
27 Jul 2017
Closes
24 Aug 2017
Contract Type
Permanent
Hours
Full Time

How would you like to be on the front lines of Microsoft’s battle with 0-day security vulnerabilities, hackers, and active cyber-attacks?

Do you like getting your hands dirty digging into vulnerabilities to learn what makes them tick and how they might be used maliciously?   Do you also enjoy the thought of competing with security researchers around the world searching for never before seen vulnerabilities?  

Microsoft’s MSRC Vulnerabilities & Mitigations group, is looking for a Security Software Engineer to help out on a highly technical team whose mission is to protect 440 million people from software vulnerabilities.

Use your knowledge and passion to improve the security of all Microsoft products by playing a critical role in the security updates that ship on the second Tuesday of every month. Work in a team of avid security professionals reading source code, looking at assembly, and developing software to protect Microsoft customers from current and emerging security threats from around the world.

 

Key Accountabilities

Investigate and document vulnerabilities reported to Microsoft in various products, look for more vulnerabilities in those products, and ensure security patches fix the vulnerabilities properly. Research into new techniques to protect customers, find before the outside world security vulnerabilities or mitigation bypasses and develop new vulnerability mitigations.

 

Key Success Criteria

Security patches are released without issues, no similar vulnerabilities are found in the released patch.   Through research Microsoft products become even more secure.

 

Knowledge, Skills and Experience

Essential Experience

Experience finding vulnerabilities, assessing severity and exploitation potential of vulnerabilities

 

Technical/Functional Skills

- In-depth knowledge of debugging and reverse engineering Linux/Unix and Windows unmanaged code

- In-depth knowledge of Linux/Unix security model

- Able to demonstrate how security vulnerabilities work: E.g. Use after free, heap corruption, type confusion, etc.

- An understanding the Web Applications security – cryptography security issues, design flaws, and internet browser technologies.

- Web Applications penetration testing and vulnerability analysis – manual and automated

- Able to find security vulnerabilities via penetration testing, code review, reverse engineering or using tools

- Development skills in C or C++

- The capability to develop vulnerability detection tools such as scanners, static analyzers and vulnerability mitigations

 

Desirable areas of expertise:

- Open Source Software development

- An understanding of exploitation techniques

- Development skills in Python

 

Personal Attributes/Interpersonal Skills

- Ability to collaborate with and influence other people to reach the desired outcome

- Passion for trustworthy computing and software security

- Desire to stay up to date on the security landscape

 

Qualifications

- Relevant computer science degree highly desirable

 

Microsoft is an equal opportunity employer and supports workforce diversity