Microsoft is a company where passionate innovators come to collaborate, envision what can be and take their careers further. This is a world of more possibilities, more innovation, more openness, and the sky is the limit thinking in a cloud-enabled world.

　　Microsoft’s Azure Data engineering team is leading the transformation of analytics in the world of data with products like databases, data integration, big data analytics, messaging & real-time analytics, and business intelligence. The products our portfolio include Microsoft Fabric, Azure SQL DB, Azure Cosmos DB, Azure PostgreSQL, Azure Data Factory, Azure Synapse Analytics, Azure Service Bus, Azure Event Grid, and Power BI. Our mission is to build the data platform for the age of AI, powering a new class of data-first applications and driving a data culture.

　　​​Within Azure Data, the databases team builds and maintains Microsoft's operational Database systems. We store and manage data in a structured way to enable a multitude of applications across various industries. We are on a journey to enable developer friendly, mission-critical, AI enabled operational Databases across relational, non-relational and OSS offerings.​

　　​​Microsoft’s Azure Data databases red team is hiring a Principal Security Engineer. Our team utilizes a variety of offensive security techniques to continuously evaluate and enhance the security posture of the organization and its offerings. We are dedicated to maintaining customer trust by staying one step ahead of the external attacker. We participate in both pre-release and post-release activities, conducting security reviews, penetration tests, and other ethical hacking exercises. Our team is highly collaborative. We partner with a corresponding blue team to improve monitoring and detection in the classic attack/defend paradigm. We partner with the databases’ product teams to drive security improvements in their products and processes. We even partner outside of our organization with other red teams across the company to identify systemic risks and share knowledge of attacks and techniques. As a Principal Security Engineer, you will be at the forefront of such engagements and collaborations.

　　​​

　　We do not just value differences or different perspectives. We seek them out and invite them in so we can tap into the collective power of everyone in the company. As a result, our customers are better served.

　　By applying to this U.S. based position, while remote work is possible, relocation does not apply/is not provided for the role.

　　Responsibilities

　　Security Assurance

　　Understand current security trends and vulnerabilities.

　　Participate in security design reviews and threat model reviews prior to the release of new products or features, communicating clearly the different security options and tradeoffs.

　　Deliver broadly available security trainings based on learnings from previous exercises or incidents.

　　Penetration testing

　　Ramp up and understand new designs, systems, and technology as they are built.

　　Participate in comprehensive assessments of features and large-scale applications and environments. This includes mapping out the surface area and assessing prioritization based on time, resource, and general importance tradeoffs.

　　Find vulnerabilities in various spaces such as web applications, native applications, database systems, authentication flows, distributed systems and designs, and protocols. Pulling from a flexible knowledge base of topics such as OWASP, memory corruption, privilege escalation, networking, and etc. to find both common and uncommon issues.

　　Red teaming

　　Participate in targeted campaigns (planning, scoping, approval, reconnaissance & discovery, execution of attacks, pivoting, persistence, and remediation) against both pre-production and production environments.

　　Navigate through an ecosystem of multiple domains, technologies, protocols, and stakeholders.

　　Embody our culture (https://careers.microsoft.com/v2/global/en/culture) and values (https://www.microsoft.com/en-us/about/corporate-values)

　　Qualifications

　　Required/Minimum Qualifications

　　​​ 7+ years experience in identifying security vulnerabilities, software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection.

　　Fundamental understanding of security knowledge around native applications, web applications, distributed and database systems.

　　Other Requirements

　　Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check:

　　This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

　　Preferred/Additional Qualifications

　　Bachelor's Degree in Cybersecurity, Computer Science, or related field AND 8+ years experience in identifying security vulnerabilities, software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection

　　OR Master's Degree in Cybersecurity, Computer Science, or related field.

　　Understanding of security issues for large scale cloud services and network infrastructures.

　　Deep and broad understanding of security vulnerabilities and attacks (Hardware, Firmware, Software, Network, and People), and the ability to understand new ones based on new technology being developed.

　　Proficiency in Programming languages (C/C++, dotnet, js, python, sql, others) with expertise in troubleshooting and debugging skills.

　　​​High enthusiasm, integrity, ingenuity, results-orientation, self-motivation, and resourcefulness in a fast-paced competitive environment. 

　　Have a deep desire to work collaboratively, solve problems with groups, find win/win solutions and celebrate successes.

　　Penetration Testing IC5 - The typical base pay range for this role across the U.S. is USD $133,600 - $256,800 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $173,200 - $282,200 per year.

　　Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

　　#azdat

　　#azuredata

　　​​#cloud #databases #offsec #appsec #pentest #redteam​

　　Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations (https://careers.microsoft.com/v2/global/en/accessibility.html) .