|Location||Redmond, WA, USA|
|Preferred GIAC Certifications||GPEN, GWAPT, GXPN|
Core Services Engineering builds and manages the critical products and services that Microsoft runs on. We boldly pursue big ideas that power transformational advances at Microsoft and for our customers, while helping Microsoft teams work smarter, faster and more securely every day. Core Services Engineering employees have deep technical and business expertise, customer insights, and a clear point of view that comes from first-hand, large-scale experience with Microsoft and industry solutions. We are engineers, technology leaders and experts, digital transformation change agents, and customer advocates. We have exciting opportunities for you to innovate, influence, transform, inspire and grow within our organization and we encourage you to apply to learn more!
Are you passionate about information security? Are you gifted at ethical hacking? Do you intuitively understand weakness in systems? Are you fascinated with staying current on computing threats? Do you love figuring out how a system works? Are you seeking an opportunity to have enterprise-wide security impact?
Microsoft’s Digital Security and Risk Engineering (DSRE) is making investments in our world class penetration testing team. Our organization has responsibility for identifying and managing technical security risk across Microsoft’s enterprise environment, including Microsoft global office locations, worldwide data centers environments, and business applications and services in Azure.
We have an immediate opening on our team for a senior security penetration testing engineer with expertise in web applications or development platforms.
Plan, research, and execute testing of computer system and applications to simulate real world attacks on Microsoft’s services and infrastructure.
Assess existing security capabilities to detect and respond to emerging threats.
Outline and document risk impacts in executive summary reports and communications to relevant stakeholders.
Perform research to stay current with penetration testing tools, methodologies, tactics, and mitigations.
Develop and maintain penetration testing procedures and methodologies.
Produce high-quality papers, presentations, recommendations.
A Bachelor’s degree in Computer Science or Engineering, or a related field, or equivalent alternative skills and/or practical experience
5+ years of experience in penetration testing/Red Team and security code review experience
5+ years of experience using penetration testing tools, including any of the following: Nessus, NMAP, Metasploit, Burp Suite Pro, etc.
Preferred, not required:
Demonstrated presentation skills
Demonstrated ability to anticipate and manage change in a highly dynamic environment
Understanding of cloud platforms, internet protocols, and related technologies
Experience with Advanced Persistent Threat (APT) emulation, purple teaming, and/or working with threat intelligence
Experience performing reverse engineering
GPEN, GWAPT, GXPN, OSCP, OSCE, or similar certifications
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.