Security Software Engineer (Penetration /) @ Microsoft


Job Description

Responsibilities

Application Security & Testing: Contribute to developing static and runtime analysis capabilities to find software security bugs in code quickly and with high confidence. Build cutting-edge automated analysis for managed code and modern web services. Use various techniques (fuzzing, source code review, reverse engineering, etc.) to find vulnerabilities in critical components that EDG services rely on and parlay research into actual exploits. Validate software quality following our development standards.

Research, Training, and Tool Development: Perform research to stay current with the bleeding edge of application security and of offensive and defensive tools & tactics. Leverage the output of this research for training and awareness across EDG Security and innovate development efforts.

Penetration Testing: Examine chosen target systems in detail, looking for vulnerabilities and weaknesses, and, in collaboration with the red team, demonstrate the value of an assume-breach mentality.

Emerging Threat and Vulnerability Research: Be at the forefront of emerging threats that affect cloud services through collaboration, independent study, and original research, including proactive security research on the technologies that are utilized in the Azure Edge, Device and Gaming environment. A very high level of creativity and thirst for knowledge is a must.

Security Code Reviews: Review source code for security defects. File bugs on security defects that help remove potentially exploitable bugs from code and improve the security of EDG services.

To thrive in this position, you will need to be a strong software developer with a deep technical understanding of a broad technology set and the ability to learn new information at a rapid pace. Previous experience in security consulting, penetration testing, and general hacking is important, but a desire to take on big challenges and help improve the overall service engineering process is equally vital.

Qualifications
  • BS or MS in Computer Science, a related field, or equivalent experience
  • Strong coding skills including C#, ASP.NET, JavaScript
  • 3+ years of experience testing web services, identifying and remediating OWASP Top 10 security flaws, and understanding large complex systems quickly.
  • Experience in penetration testing and static code analysis
  • Strong background in customizing static, dynamic, and runtime analysis tools
  • Expert-level knowledge of one or more high-level programming languages, CI/CD pipelines, development and coding patterns, and software engineering techniques
  • Expert-level knowledge in multiple classes of vulnerabilities, including cross-site scripting, buffer overflows, SQL injection, deserialization vulnerabilities, cryptographic weaknesses, insecure direct object references, and others.
  • Familiarity with common security libraries, security controls, and common security flaws.
  • Efficient with web proxies such as Burp, OWASP ZAP, or Fiddler
  • Experience with web security standards such as CSP, CORS, and emerging web security technologies.
  • Understanding of modern authentication with AAD for web apps
  • Understanding of OAuth and JWT implementations.

Job Classification

Industry: IT Services & Consulting
Functional Area: IT & Information Security
Role Category: IT Security
Role: IT Security
Employment Type: Full time

Education

Under Graduation: Any Graduate
Post Graduation: Any Postgraduate

Contact Details:

Company: Microsoft
Location(s): Hyderabad


Keyskills:   Supply chain Coding Consulting Javascript Application security Windows software quality microsoft Gaming SQL


₹ Not Disclosed

Microsoft

Microsoft’s Customer Service and Support (CSS) organization supports over 170 Microsoft products, which range from the Consumer to Enterprise customer segments. This includes technical products from Developer Support and Enterprise Platform Support to Enterprise Messaging Support and Enterpri...