Azure is at the center of Microsoft's cloud services strategy, both for external customers as well as for our own services. With the expedited growth of data and the popularity of our enterprise data platforms, Azure SQL Database System is one of our most critical platforms and our goal is to ensure we have the most reliable and trustworthy data platforms in the world. The integrity and trust that we, Microsoft, and our customers have on these services and resources are of paramount importance for confidence in bringing critical business to the cloud. To achieve these goals, the Azure Data team is looking to expand the "Red Team" tasked with providing Pen test and red team engagements for this organization.
Your role will be to perform pen tests engagement simulating attackers on features and services for existing and new services coming. Complete Red Team engagements to test security infrastructure and processes. Work with the services' blue teams in purple team engagements to enhance security detections and infrastructures. You will also Partner with other security teams across the company to enhance and showcase new tooling developed for attack teams.
* Fundamental understanding of security knowledge around native applications, web applications, distributed and database systems.
* Understanding of security issues for large scale cloud services and network infrastructures
* Deep and broad understanding of security vulnerabilities and attacks (Hardware, Firmware, Software, Network, and People), and the ability to understand new ones based on new technology being developed
* 7-12 years' experience in security and software engineering are a must or equivalent experience
* Proficiency in with expertise in troubleshooting and debugging skills
* High enthusiasm, integrity, ingenuity, results-orientation, self-motivation, and resourcefulness in a fast-paced competitive environment.
* Have a deep desire to work collaboratively, solve problems with groups, find win/win solutions and celebrate successes
Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to, the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.
* Lead comprehensive assessments of features and large-scale applications and environments. This includes mapping out the surface area and assessing prioritization based on time, resource, and general importance tradeoffs.
* Find vulnerabilities in various spaces such as web applications, native applications, database systems, authentication flows, distributed systems and designs, and protocols. Pulling from a flexible knowledgebase of topics such as OWASP, memory corruption, privilege scalation, networking, and etc to find both common and uncommon issues.
* Fundamentally grasp both the technical and non-technical details such as to enumerate inappropriate or abusable security expectations
* Constantly ramp up and understand new designs, systems, and technology
* Lead a targeted operation (planning, scoping, approval, reconnaissance & discovery, execution of attacks, pivoting, persistence, and remediation)
* Navigate through an ecosystem of multiple domains, technologies, protocols, and stakeholders
* Create new tools to support pen tests efforts
* Provide security recommendations for new technologies and designs
* Understand and communicate benefits and drawbacks to different security concepts and implementations
* Understand current security trends and vulnerabilities and provide recommendations for risk and impact
* Communicate findings for both engineers and management while clearly distinguishing between risk and investment tradeoffs
Microsoft develops, licenses, and supports software, services, devices, and solutions.