Overview
Do you enjoy breaking things technically but are also capable of providing insight into fixing issues at scale? Do you have a passion for all kinds of offensive security work? What about the opportunity to work at the kind of scale most companies only dream of?
Are you looking for a challenge that puts you at the center of the Microsoft Edge + Platform, Devices, and Gaming Security? Are you passionate about solving the security challenges of critical online services? Then you are in luck, we are looking for a Principal Penetration Testing Manager.
Microsoft's EPSF (Edge Platform Security Fundamentals) team is responsible for some of Microsoft's largest and most influential online services, including Xbox LIVE, Microsoft Game Studios, and more.
We have a world-class offensive security team that helps to ensure a secure experience for billions of users all over the world. Our team is primarily focused on identifying systemic vulnerabilities across application, network, and operational security domains. We work closely with both our product and defense teams, providing an offensive perspective to their business.
Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
Responsibilities
EPSF Security has a world-class penetration testing team that helps ensure a secure experience for millions of users worldwide. We primarily focus on offensive security and application security and work closely with our defense teams to continually improve our operational awareness. As a Principal Penetration Testing Engineer, you will be responsible for the following:
People Management
- Managers deliver success through empowerment and accountability by modeling, coaching, and caring.
- Model - Live our culture; Embody our values; Practice our leadership principles.
- Coach - Define team objectives and outcomes; Enable success across boundaries; Help the team adapt and learn.
- Care - Attract and retain great people; Know each individual's capabilities and aspirations; Invest in the growth of others.
Discovery of Problems/Identifying Vulnerabilities
- Provides strategic guidance to teams on priorities, tactics, evaluation strategies, and development of methodologies. Ensures teams are resourced to achieve results. Escalates recommendations and mitigations and advocates for follow through as needed. Helps to establish standards and rules of engagement across the company. Identifies and implements appropriate metrics for organization.
Solution Engineering
- Works across multiple teams, divisions, and functional areas to support technical implementation of solutions that increase the ability to harden against, detect, and mitigate issues (e.g., malware, reverse engineering). Ensures teams develop and maintain areas of expertise, expand into new areas of expertise, and share best practices across teams.
- Purple Team: Participate as an infrastructure/operation specialist in overt penetration testing engagements, where we emulate real-world adversaries such as Nation-State or Organized Crime. During Purple Team engagements, we collaborate with our business partners, v-team for the operation and defensive teams to comprehensively understand the target and provide guidance on improving their overall security posture through design changes and tactical mitigations, security controls, or detections.
- Between Red Team and Purple Team Engagements, the following activities may be executed:
- Research, Training, and Innovation: Perform research to stay current with the bleeding edge of application security, offensive and defensive tools, and tactics. Leverage the output of this research for training and awareness across EDG Security and innovation efforts.
Qualifications
Required Qualifications
- Master's Degree in Statistics, Mathematics, Computer Science or related field OR 7+ years of experience in identifying security vulnerabilities, software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection.
- 3+ years people management experience.
- 5+ years of performing penetration test engagements.
- 2+ years of experience testing web services, identifying and remediating OWASP top 10 security flaws, and understanding large complex systems quickly.
Other Requirements
Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:
Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Preferred Qualifications:
- Demonstrated experience in Networking/Identity Isolation, Active Directory, and Linux skills.
- Proficient operational security skills
- Demonstrated teamwork and cross-group collaboration skills.
- Ability to deal with ambiguity
- BS or MS in Computer Science, a related field, or equivalent experience
- Experience performing offensive security engagements (Experience leading offensive engagements is highly desired)
- Demonstrated coding skills in one or more popular languages and platforms such as: C#, C++, Ruby, Python, and others.
- Proficient experience in Windows and Linux.
- Operational Security skills
- Experience reverse engineering Native and Managed Code
- Experience testing web services, identifying and remediating OWASP top 10 security flaws, and understanding large, complex systems quickly
- OSCP/OSCE/GIAC certifications are desired
Security Operations Engineering M5 - The typical base pay range for this role across the U.S. is USD $137,600 - $267,000 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $180,400 - $294,000 per year.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay
Microsoft will accept applications for the role until Aug 5, 2024.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
Microsoft Redmond, Washington, USA Office
1 Microsoft Way, Redmond, WA, United States, 98052