Microsoft Corporation
    Redmond, WA

    Job Description

    Are you passionate about software and operational security? Do you want to help Microsoft protect its online services in an ever-changing threat landscape? The Microsoft COSINE (Operating Systems), Devices, and Gaming (CDG) Security group is looking for somebody to help secure some of our most critical online services including Windows Update, Product Release and Signing Services, the Windows Engineering Systems, Xbox Live, and many more.

    The CDG Security services security assurance PM team is responsible for driving the effectiveness of security throughout services we support. The team has the responsibility to simplify and automate security for engineering teams, enabling engineers to write solid secure code, build secure services, handle operational tasks securely, and understand the true threats that face Microsoft every day without impeding the productivity of engineers. This must be done while ensuring a great customer and partner experience and create a responsive data-driven customer/engineering feedback loop.

    As part of the security assurance PM team you will join our program to drive improvements to the security development life cycle (SDL) and operational security process based on emerging threats, identify and help fill technical content gaps, simplify and automate the security assessment process, and provide guidance to engineers to improve Microsoft's security posture.

    To be successful you'll need:

    To be an operational or software security subject matter expert with hands-on cloud experience

    To have a focus on current security issues and trends and an eye towards future research

    To be flexible in your approaches, be able to context switch between products and services and adapt to the ever changing threat landscape

    To be a great program manager with solid organization, prioritization and communication skills and an ability to influence others outside your team

    To help drive the adoption of key security technologies to help defend Microsoft and our customers against adversaries

    To consult on secure development and operational security requirements with engineering teams across Microsoft

    To work with agile process framework such as SCRUM for managing complex knowledge work

    Build security into the agile development process and improving security content delivery within Microsoft

    You will lead partners through the SDL process by reviewing designs and conducting threat model security assessments

    You should drive automation efforts to validate adherence to security development lifecycle and operational security requirements

    Work across multiple teams in Security and across Microsoft to coordinate and integrate with other community and content related initiatives

    You should produce and drive virtual and in-person customer/partner engineering sessions to increase the customer and partner voice in the design process

    Define success metrics; Collect, analyze and understand data; Use the data to drive changes and improvements

    Evaluate and quantify feedback from customers, partners

    Collaborate on and design tools that take the pain out of security, improve security development lifecycle and the operational security polices/practices to get security tasks to engineers in a language that engineers clearly understand

    You will contribute and possibly be the team Product Backlog owner, driving team short through long term goals, improving how SDL is applied and measured across Microsoft services


    5+ years of information technology support or consulting experience


    5+ years of Software Program/Product Management experience

    CISSP, Security+, OWASP, or SANS SEC401 Security Essentials training or certification

    Broad understanding of the web platform, web developer workflows, and web tools ecosystem

    Passion for information technology security and software development

    Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to, the following specialized security screenings:

    Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

    Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

    Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

    Posting ID: 552786442Posted: 2020-05-21