The Product Security (ProdSec) Team is responsible for overseeing the security of all the software features developed for Skype, Skype for Business, Microsoft Teams and the GroupMe products. These communication tools are offered in both consumer and enterprise markets and are available across all leading desktop and mobile platforms.
As a member of ProdSec you will provide input and oversight to help build robust and secure solutions that scale to the needs of hundreds of millions of users that depend on these products daily.
ProdSec engages with business units helping contribute to designs, review product feature implementation plans, understand cloud environment usage and even help shape test or deployment strategies so that products are created as part of a secure development lifecycle (SDL).
Microsoft is seeking a self-motivated and dynamic individual to be part of ProdSec to engage with teams to promote security awareness, encourage a defensive mindset, influence their processes and priorities and provide expert security guidance.
•      Work in an agile development environment and partner with engineering and product teams to ensure that new product feature development adheres to security best practices.
•      Conduct regular security reviews of both software and processes.
•      Review and create threat models.
•      Conduct periodic code reviews and educate the engineering teams on best practices for writing secure code.
•      Coordinate remediation of any application security weaknesses uncovered.
•      Evaluate and promote the use of automation tools to assist manual reviews in identifying issues.
•      Promote security training and awareness in the organization.
•      Conduct penetration testing or interact with penetration testers and other external vendors to validate that security controls work as expected.
•      Focus on keeping personal skills current.
•      Full understanding of web stack, web security and common vulnerabilities.
•      Development skills to facilitate code reviews or tool development.
•      Domain expert in security with respect to web development and enterprise app development.
•      Understanding of SDL and mobile experience is a plus.
•      Good understanding of cloud technologies.
•      Basic penetration testing skills.
•      Experience with automation tools and deployments.
•      Excellent verbal and written communication skills.
•      Leadership qualities including the ability to work effectively with cross-functional teams and be able to consider diverse opinions.
•      A working knowledge of Agile Development methodology.
•      BS or MS degree in Computer Science or Engineering OR equivalent years of relevant work experience.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity or expression, religion, national origin or ancestry, age, disability, marital status, pregnancy, protected veteran status, protected genetic information, political affiliation, or any other characteristics protected by local laws, regulations, or ordinances.