|Location||Redmond, WA, USA|
|Preferred GIAC Certifications||GPEN, GWAPT, GXPN|
|Contact Name||Matt Burrough|
Core Services Engineering builds and manages the critical products and services that Microsoft runs on. We boldly pursue big ideas that power transformational advances at Microsoft and for our customers, while helping Microsoft teams work smarter, faster and more securely every day. Core Services Engineering employees have deep technical and business expertise, customer insights, and a clear point of view that comes from first-hand, large-scale experience with Microsoft and industry solutions. We are engineers, technology leaders and experts, digital transformation change agents, and customer advocates. We have exciting opportunities for you to innovate, influence, transform, inspire and grow within our organization and we encourage you to apply to learn more!
Core Services Engineering and Operations is the engineering organization that provides the services and systems that power Microsoft. Our security organization, Digital Security Risk Engineering (DSRE), has responsibility for identifying and managing technical security risk across Microsoft’s enterprise environment including Microsoft Global office locations, engineering platforms, world wide computing environments, company applications, and Microsoft’s use of on-line services.
To ensure we have the most trusted and secure systems for the company we require an experienced and strategic security leader for our Red Team organization. Your role will be to set strategic direction for Red Team engagements, penetration testing, and security tooling and exploit proof of concepts. You will lead a team of security engineers to deliver Red Team engagements to identify security vulnerabilities, actualize security threats, and identify systemic security issues across the company. In addition you will collaborate with our incident responders and blue team members to execute purple team exercise to validate security controls, detections, and response effectiveness for selected security attack scenarios.
You will engage with other Red Team leaders in the company to showcase findings and outcomes to the Microsoft CISO. You will set strategy, advocate for innovation, and build security automation or tooling to scale Red Team activities and effectiveness across the Microsoft environment in partnership with other security leaders in the company.
Define strategic plan to asses Microsoft existing security capabilities to detect and respond to emerging threats.
Research security vulnerabilities and weakness to identify methods and techniques that may be potential attack vectors to Microsoft services.
Assess and review web applications, Microsoft’s internal use of cloud services, and other computing environments (servers, VMs, databases, networks) to identify security issues.
Ensure Red Team findings and outcomes from engagements have identified resolution plans.
Provide overall quality control on papers, presentations, recommendations, and findings for senior executives and external customers.
Provide summary of projects, techniques, and findings to the Microsoft CISO and other security leaders in the company.
The ideal candidate is a senior security leader that has had experience in managing Red Teams and penetration testing programs in a large enterprise environment. The individual should have strong program management skills, technical knowledge of security threats, knowledge and experience in penetration testing methodologies and tools, and has excellent verbal and written communication skills.
BS or MS in computer science or related field or equivalent experience.
8+ years of experience as a manager of penetration testing/Red Team and security code review experience or related experience.
8+ years of experience in penetration testing tools and programming languages (C/C++, .net, JS, python, etc).
CISSP certified, Certified Ethical Hacker, GPEN, or similar certification(s).
Security domain knowledge on security application and infrastructure practices, vulnerabilities, and known weaknesses.
Excellent skills in providing written and verbal presentations to senior executives, executive bodies, and/or government officials.
Demonstrated ability to anticipate and manage change in a highly dynamic environment.
Managing software engineers and program managers in a large scale cloud environment.
Prior leadership in setting security strategy for a penetration testing service or Red Team organization in a large enterprise organization.
Seeking enthusiastic, deeply technical, hands on, strategic thinker, and assertive leader.