Are you passionate about software and operational security? Do you want to help Microsoft protect its online services in an ever-changing threat landscape? The Microsoft COSINE (Operating Systems), Devices, and Gaming (CDG) Security group is looking for somebody to help secure some of our most critical online services including Windows Update, Product Release and Signing Services, the Windows Engineering Systems, Xbox Live, and many more.
The CDG Security services security assurance PM team is responsible for driving the effectiveness of security throughout services we support. The team has the responsibility to simplify and automate security for engineering teams, enabling engineers to write solid secure code, build secure services, handle operational tasks securely, and understand the true threats that face Microsoft every day without impeding the productivity of engineers. This must be done while ensuring a great customer and partner experience and create a responsive data-driven customer/engineering feedback loop.
As part of the security assurance PM team you will join our program to drive improvements to the security development life cycle (SDL) and operational security process based on emerging threats, identify and help fill technical content gaps, simplify and automate the security assessment process, and provide guidance to engineers to improve Microsoft's security posture.
To be successful you'll need:
To be an operational or software security subject matter expert with hands-on cloud experience
To have a focus on current security issues and trends and an eye towards future research
To be flexible in your approaches, be able to context switch between products and services and adapt to the ever changing threat landscape
To be a great program manager with solid organization, prioritization and communication skills and an ability to influence others outside your team
To help drive the adoption of key security technologies to help defend Microsoft and our customers against adversaries
To consult on secure development and operational security requirements with engineering teams across Microsoft
To work with agile process framework such as SCRUM for managing complex knowledge work
Build security into the agile development process and improving security content delivery within Microsoft
You will lead partners through the SDL process by reviewing designs and conducting threat model security assessments
You should drive automation efforts to validate adherence to security development lifecycle and operational security requirements
Work across multiple teams in Security and across Microsoft to coordinate and integrate with other community and content related initiatives
You should produce and drive virtual and in-person customer/partner engineering sessions to increase the customer and partner voice in the design process
Define success metrics; Collect, analyze and understand data; Use the data to drive changes and improvements
Evaluate and quantify feedback from customers, partners
Collaborate on and design tools that take the pain out of security, improve security development lifecycle and the operational security polices/practices to get security tasks to engineers in a language that engineers clearly understand
You will contribute and possibly be the team Product Backlog owner, driving team short through long term goals, improving how SDL is applied and measured across Microsoft services
5+ years of information technology support or consulting experience
5+ years of Software Program/Product Management experience
CISSP, Security+, OWASP, or SANS SEC401 Security Essentials training or certification
Broad understanding of the web platform, web developer workflows, and web tools ecosystem
Passion for information technology security and software development
Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to, the following specialized security screenings:
Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.