Security Software Engineer


Role Purpose:

How would you like to be on the front lines of Microsoft's battle with 0-day security vulnerabilities, hackers, and active cyber-attacks?

Do you like getting your hands dirty digging into vulnerabilities to learn what makes them tick and how they might be used maliciously? Do you also enjoy the thought of competing with security researchers around the world searching for never before seen vulnerabilities?

Microsoft's MSRC Vulnerabilities & Mitigations group, is looking for a Security Software Engineer to help out on a highly technical team whose mission is to protect 440 million people from software vulnerabilities.

Use your knowledge and passion to improve the security of all Microsoft products by playing a critical role in the security updates that ship on the second Tuesday of every month. Work in a team of avid security professionals reading source code, looking at assembly, and developing software to protect Microsoft customers from current and emerging security threats from around the world.

Key Accountabilities

Investigate and document vulnerabilities reported to Microsoft in various products, look for more vulnerabilities in those products, and ensure security patches fix the vulnerabilities properly. Research into new techniques to protect customers, find before the outside world security vulnerabilities or mitigation bypasses and develop new vulnerability mitigations.

Key Success Criteria

Security patches are released without issues, no similar vulnerabilities are found in the released patch. Through research Microsoft products become even more secure.

Knowledge, Skills and Experience

1) Essential Experience

Experience finding vulnerabilities, assessing severity and exploitation potential of vulnerabilities

2) Technical/Functional Skills

- In-depth knowledge of debugging and reverse engineering Linux/Unix and Windows unmanaged code

- In-depth knowledge of Linux/Unix security model

- Able to demonstrate how security vulnerabilities work: E.g. Use after free, heap corruption, type confusion, etc.

- An understanding the Web Applications security - cryptography security issues, design flaws, and internet browser technologies.

- Web Applications penetration testing and vulnerability analysis - manual and automated

- Able to find security vulnerabilities via penetration testing, code review, reverse engineering or using tools

- Development skills in C or C++

- The capability to develop vulnerability detection tools such as scanners, static analyzers and vulnerability mitigations

Desirable areas of expertise:

- Open Source Software development

- An understanding of exploitation techniques

- Development skills in Python

3) Personal Attributes/Interpersonal Skills

- Ability to collaborate with and influence other people to reach the desired outcome

- Passion for trustworthy computing and software security - Desire to stay up to date on the security landscape

4) Qualifications

- Relevant computer science degree highly desirable

Microsoft is an equal opportunity employer and supports workforce diversity

Microsoft's privacy statement can be viewed on the following web page: http://privacy.microsoft.com/en-gb/default.mspx

Job reference information
Advertiser Microsoft
Contact Name
Telephone (Please reference Dice when calling)
Reference 1051209

search