Security Software Engineer
How would you like to be on the front lines of Microsoft’s battle with 0-day security vulnerabilities, hackers, and active cyber-attacks?
Do you like getting your hands dirty digging into vulnerabilities to learn what makes them tick and how they might be used maliciously? Do you also enjoy the thought of competing with security researchers around the world searching for never before seen vulnerabilities?
Microsoft’s MSRC Vulnerabilities & Mitigations group, is looking for a Security Software Engineer to help out on a highly technical team whose mission is to protect 440 million people from software vulnerabilities.
Use your knowledge and passion to improve the security of all Microsoft products by playing a critical role in the security updates that ship on the second Tuesday of every month. Work in a team of avid security professionals reading source code, looking at assembly, and developing software to protect Microsoft customers from current and emerging security threats from around the world.
Investigate and document vulnerabilities reported to Microsoft in various products, look for more vulnerabilities in those products, and ensure security patches fix the vulnerabilities properly. Research into new techniques to protect customers, find before the outside world security vulnerabilities or mitigation bypasses and develop new vulnerability mitigations.
Key Success Criteria
Security patches are released without issues, no similar vulnerabilities are found in the released patch. Through research Microsoft products become even more secure.
Knowledge, Skills and Experience
Experience finding vulnerabilities, assessing severity and exploitation potential of vulnerabilities
- In-depth knowledge of debugging and reverse engineering Linux/Unix and Windows unmanaged code
- In-depth knowledge of Linux/Unix security model
- Able to demonstrate how security vulnerabilities work: E.g. Use after free, heap corruption, type confusion, etc.
- An understanding the Web Applications security – cryptography security issues, design flaws, and internet browser technologies.
- Web Applications penetration testing and vulnerability analysis – manual and automated
- Able to find security vulnerabilities via penetration testing, code review, reverse engineering or using tools
- Development skills in C or C++
- The capability to develop vulnerability detection tools such as scanners, static analyzers and vulnerability mitigations
Desirable areas of expertise:
- Open Source Software development
- An understanding of exploitation techniques
- Development skills in Python
Personal Attributes/Interpersonal Skills
- Ability to collaborate with and influence other people to reach the desired outcome
- Passion for trustworthy computing and software security
- Desire to stay up to date on the security landscape
- Relevant computer science degree highly desirable
Microsoft is an equal opportunity employer and supports workforce diversity