RedmondRecruiter Since 2001
the smart solution for Redmond jobs

Senior Security Engineer

Company: Microsoft Corporation
Location: Redmond
Posted on: November 19, 2021

Job Description:

Save save Senior Security Engineer to job cart

  • Job number 1184556
  • Date posted Oct 25, 2021
  • Travel 0-25 %
  • Employment type Full-Time CodeQL Senior Security Engineer/Researcher Customer Security Policy & Assurance We are seeking a teammate to help us build out-- the most ambitious and advanced static analysis solution in the world,-- empowering --us to centrally search-- across all of-- Microsoft's code for security vulnerabilities, malicious code, and other security interesting patterns. We are looking for --folks interested in becoming expert CodeQL query authors to --help us detect and eliminate vulnerabilities both within Microsoft's billions of lines of code, and in the-- open source --software of the world. This is an opportunity to leverage your security expertise for immense impact both within Microsoft and across the broader software ecosystem.-- In this role you will-- contribute to CodeQL's security ruleset to proactively identify vulnerabilities --across Microsoft's products and services , research new vulnerability patterns, collaborate with-- Microsoft Security Response Center ( MSRC ) --to rapidly assess billions of lines of code for newly reported vulnerability variants and classes . You will also-- have the opportunity to --resea r ch new uses for --static analysis , --such as back door/malicious code detection --and --automatic generation of fuzzing-- test-- harnesses --that-- will broaden impact and fuel other research. Whenever --we-- can,-- w e --open source our work --and --you will also be empowering --the broader community of CodeQL users-- in GitHub and at other enterprises. Our team is fortunate to regularly collaborate with the myriad of skilled security teams in the-- Microsoft-- product groups, the language experts in Microsoft's compiler and developer tools team, the engineers directly working on the CodeQL engine in GitHub,-- and response and threat intel teams charged with watching the evolution of vulnerabilities in the ecosystem. This opportunity will keep you on the frontier of the software security landscape, supported by some of the leading security experts,-- and in turn --you will have the opportunity --to support and mentor developing security experts , an explicit part of our Team's mission. As CodeQL is a relatively young technology, no direct prior experience is-- expected , however we encourage-- you --to investigate-- --prior to applying . If this is --the sort of technology you would like to work on , we would like to hear from you. Preferred work locations:
    Atlanta, Georgia
    Austin, Texas
    Redmond, Washington
    Reston, Virginia
    Remote in the U.S. Responsibilities Key responsibilities :
    • Develop new detections for security vulnerabilities in QL, the language powering CodeQL--
    • Research new security vulnerability patterns, and support MSRC when new patterns are reported to them
    • Research and implement novel-- uses --of Static Analysis, and help shape the feature development in CodeQL--
    • Collaborate with other areas of subject matter expertise such as Responsible AI, Privacy, and Accessibility, to aid them in similarly empowering developers with high quality analysis for their areas. Qualifications Knowledge, experience and skills required:
      • A total of 4 years experience working with vulnerability patterns in one or more of the following areas: system/OS/driver code, web applications and services, Windows client applications, Windows or Linux server applications, mobile applications.
      • 2+ years experience-- performing --security code reviews - OR --- experience-- using static analyzers-- --
      • 4 + years of experience in a product security role such as Security Researcher, Product Security Champion, Penetration Tester,-- or-- Security Assurance- OR - Academic-- equivalent experience such as an undergrad degree focused on security or graduate studies in an area of security --(or a combination of both --professional and academic experience ) . Preferred, not required:
        • Familiarity --with-- CodeQ --is-- great--
        • The ability to collaborate and communicate effectively with many different audiences
        • Experience authoring --detections for static analyzers or Linters--
        • Experience training or mentoring others
        • Experience researching security vulnerability patterns Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request--via the--Accommodation request form . Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work. Save save Senior Security Engineer to job cart This site is hosted for Microsoft by Phenom People

Keywords: Microsoft Corporation, Redmond , Senior Security Engineer, Engineering , Redmond, Washington

Click here to apply!

Didn't find what you're looking for? Search again!

I'm looking for
in category

Log In or Create An Account

Get the latest Washington jobs by following @recnetWA on Twitter!

Redmond RSS job feeds