Threat Level: green Handler on Duty: Russ McRee

SANS ISC: InfoSec Jobs InfoSec Jobs

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Senior Penetration Testing Engineer
Company Microsoft
Location Redmond, WA, USA
Preferred GIAC Certifications GPEN, GWAPT, GXPN
Travel 5%
Salary Not provided
Contact Name mburrough
Contact Email mattburr/at/
Expires 2020-10-23

Job Description

Core Services Engineering builds and manages the critical products and services that Microsoft runs on. We boldly pursue big ideas that power transformational advances at Microsoft and for our customers, while helping Microsoft teams work smarter, faster and more securely every day. Core Services Engineering employees have deep technical and business expertise, customer insights, and a clear point of view that comes from first-hand, large-scale experience with Microsoft and industry solutions. We are engineers, technology leaders and experts, digital transformation change agents, and customer advocates. We have exciting opportunities for you to innovate, influence, transform, inspire and grow within our organization and we encourage you to apply to learn more!

Are you passionate about information security? Are you gifted at ethical hacking? Do you intuitively understand weakness in systems? Are you fascinated with staying current on computing threats? Do you love figuring out how a system works? Are you seeking an opportunity to have enterprise-wide security impact?

Microsoft’s Digital Security and Risk Engineering (DSRE) is making investments in our world class penetration testing team. Our organization has responsibility for identifying and managing technical security risk across Microsoft’s enterprise environment, including Microsoft global office locations, worldwide data centers environments, and business applications and services in Azure.

We have an immediate opening on our team for a senior security penetration testing engineer with expertise in web applications or development platforms.

Key Responsibilities:
Plan, research, and execute testing of computer system and applications to simulate real world attacks on Microsoft’s services and infrastructure.
Assess existing security capabilities to detect and respond to emerging threats.
Outline and document risk impacts in executive summary reports and communications to relevant stakeholders.
Perform research to stay current with penetration testing tools, methodologies, tactics, and mitigations.
Develop and maintain penetration testing procedures and methodologies.
Produce high-quality papers, presentations, recommendations.


Required Qualifications:
A Bachelor’s degree in Computer Science or Engineering, or a related field, or equivalent alternative skills and/or practical experience
5+ years of experience in penetration testing/Red Team and security code review experience
5+ years of experience using penetration testing tools, including any of the following: Nessus, NMAP, Metasploit, Burp Suite Pro, etc.
3+ years of experience coding in languages including, but not limited to: C#, Python, C++, Go, PowerShell, ASP.NET, JavaScript, assembly

Preferred, not required:
Demonstrated presentation skills
Demonstrated ability to anticipate and manage change in a highly dynamic environment
Understanding of cloud platforms, internet protocols, and related technologies
Experience with Advanced Persistent Threat (APT) emulation, purple teaming, and/or working with threat intelligence
Experience performing reverse engineering
GPEN, GWAPT, GXPN, OSCP, OSCE, or similar certifications

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.