Microsoft is embarking on a new effort to address the growing needs of employees around the world. We are building the Microsoft Viva product suite to address the fundamental shift in how people work, build their career, and find meaning in their workplace. Employee engagement is in flux as a result of economic, demographic, and societal changes. People want to be excited about their work, be connected to their company culture, understand how to succeed, and feel supported across a spectrum of onboarding, skilling, coaching and mentoring. The broader Viva product family is dedicated to examining the employee journey and delivering software and services to make it better. This role on the Viva Trust team focuses on Viva Goals, which helps drive accountability, transparency, and alignment on goals across organizations. As part of Viva, we have a once in a lifetime opportunity to build a massive business from the ground up and bring purpose, happiness, and productivity to millions.
About This Job
The Viva Trust team is responsible for enabling Security, Privacy, Responsible AI and Compliance to be one of the top networks in the world. Our Mission is to build trust with both external and internal customers. We accomplish this by listening to the needs of our customers and creating solutions that are secure, Private by design and compliant.
We are seeking to hire a Senior Application Security Engineer to be based in our Mountain View, CA OR Redmond, WA location. As an engineer on the team, you will be responsible for securing new features including integration features with other products in the M365 suite, ensuring they are compliant with Global regulations and ensure Privacy is shifted left in the process.
Our culture is inclusive, casual, and high energy; our team members come from diverse backgrounds and are grounded in our customer needs. This is a fantastic opportunity to build services and experiences that millions of people worldwide will use at home, at school, at work, and across their daily lives.
Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.
Responsibilities
- Privacy and Security assessments of platform, data and clients, through code reviews and automation.
- Implementing Privacy, Responsible AI and Security controls and checkpoints to detect and prevent issues early in the software development lifecycle.
- Work with engineering and product teams in the design phase of products and features, conducting threat modeling and performing security architecture and design reviews.
- Help engineering and product teams to understand Security, Responsible AI ,Compliance and Privacy requirements.
- On-call support for escalations.
- Implementing defense in depth mechanisms to prevent Security and Privacy vulnerabilities.
- Embody our culture and values.
Qualifications
Required Qualifications:
- Bachelor's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field
- OR 5+ years experience in software development lifecycle, large scale computing, modeling, cyber security, anomaly detection
- OR equivalent experience.
- 4+ years of experience in application Security engineering/Privacy engineering.
Other Requirements
Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include but are not limited to the following specialized security screenings:
- Citizenship & Citizenship Verification: This role will require access to information that is controlled for export under export control regulations, potentially under the U.S. International Traffic in Arms Regulations or Export Administration Regulations, the EU Dual Use Regulation, and/or other export control regulations. As a condition of employment, the successful candidate will be required to provide proof of citizenship, U.S. permanent residency, or other protected status (e.g., under 8 U.S.C.
- 1324b(a)(3)) for assessment of eligibility to access the export-controlled information. To meet this legal requirement, and as a condition of employment, the successful candidate’s citizenship will be verified with a valid passport. Lawful permanent residents, refugees, and asylees may verify status using other documents, where applicable. This position requires verification of citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local [or applicable country] government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, and as a condition of employment, the successful candidate’s citizenship will be verified with a valid passport.
- Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Preferred Qualifications
- Experience with Security and Privacy threat modeling new features.
- Experience with application security standards such as OWASP ASVS/Top 10, CWE 25.
- Experience with common security libraries, security controls, and common security flaws.
- Outstanding collaboration and partnership skills, with proven ability to drive results across teams.
- Understanding of Responsible AI, Privacy and Compliance regulations such as GDPR, CPRA, SOC 2, ISO27k and others.
- Experience of Privacy, Compliance, Responsible AI and Security audits.
- Familiarity with web proxies such as Burp, OWASP ZAP or Fiddler.
- Development or scripting experience. Java, Ruby, Ruby on Rails, GraphQL, REST.
Security Assurance IC4 - The typical base pay range for this role across the U.S. is USD $117,200 - $229,200 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $153,600 - $250,200 per year.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay
Microsoft will accept applications for the role until August 04, 2024.
Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.