Microsoft Security’s Digital Security & Resilience (DSR) is looking for a Principal Security Engineer to help us build out the most ambitious and advanced static analysis solution in the world, empowering us to centrally search across all of Microsoft’s code for security vulnerabilities, malicious code, and other security-interesting patterns.
In this role you will contribute to CodeQL’s security ruleset to proactively identify vulnerabilities across Microsoft’s products and services, research new vulnerability patterns, and collaborate with the Microsoft Security Response Center (MSRC) to rapidly assess billions of lines of code for newly reported vulnerability variants and classes. You will also have the opportunity to research new uses for static analysis, such as back door/malicious code detection and automatic generation of fuzzing test harnesses that will broaden impact and fuel other research. Join us today to leverage your understanding of various programming languages for immense impact both within Microsoft and across the broader software ecosystem.
Responsibilities
• Develop new detections for security vulnerabilities in QL, the language powering CodeQL
• Research new security vulnerability patterns, and support MSRC when new patterns are reported to them
• Research and implement novel uses of Static Analysis, and help shape the feature development in CodeQL
• Collaborate with other areas of subject matter expertise such as Responsible AI, Privacy, and Accessibility, to aid them in similarly empowering developers with high quality analysis for their areas.
• The team is primarily US based, though it collaborates with the core CodeQL product team, which is primarily based in Western Europe. The position can be fully remote; however, the candidate is expected to have a workday that overlaps with the morning and early afternoon Pacific time.
Qualifications
Required Qualifications
• 7+ years experience in software development lifecycle, large scale computing, modeling, cyber security, anomaly detection
• OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field
• OR equivalent experience.
• 5+ years experience with security vulnerability patterns
• 5+ years experience with C/C++
• 1+ years of experience with Rust, C#, JavaScript/TypeScript, Java, Kotlin, Python, Go, Swift, or Ruby
Other Requirements
Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:
Microsoft Cloud Background Check. This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Preferred Qualifications
Experience with static analysis, symbolic execution, or comparable code analysis technologies.
Familiarity with CodeQL is great (you are going to be working with it a lot, so highly recommend spending some time playing with it to see if that's what you want for your career)
Experience authoring detections for static analyzers or linters
Experience training or mentoring others
Experience researching security vulnerability patterns
Security Assurance IC5 - The typical base pay range for this role across the U.S. is USD $133,600 - $256,800 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $173,200 - $282,200 per year.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay (https://careers.microsoft.com/v2/global/en/us-corporate-pay.html)
#MSFTSecurity
#DSR
#CodeQL
#SecurityAnalysis
#StaticAnalysis
Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations (https://careers.microsoft.com/v2/global/en/accessibility.html).