Security Program Manager Role in Digital Security & Risk Engineering Do you love security, and the thrill of challenging yourself with new-unknowns? every day? Do you have the learner mindset, are willing to un-learn old skills and learn new ones every day.
Does finding security flaws in design and implementation of applications and platforms excite you? Are you excited by an opportunity to influence and impact risk/reward decisions across Microsoft
If yes, then we are looking for you to join us as a Security Program Manager in the Digital Security & Risk Engineering (DSRE) India ACE team! Digital Security & Risk Engineering (DSRE), an organization led by Microsoft's Chief Information Security Officer, enables Microsoft to deliver the most trusted devices and services. DSRE's vision is to ensure all information and services are protected, secured, and available for appropriate use through innovation and a robust risk framework. The Assessments, Consulting & Engineering (ACE) team is part of Digital Security & Risk Engineering (DSRE) organization and focuses on security assessments of applications, systems and infrastructure. We deliver security consulting and advisory services to Microsoft's internal businesses and to external customers/partner organizations (via security design reviews, code reviews, penetration testing and privacy assessments) with the goal to ensure that applications, systems and infrastructure adhere to the highest standards of security engineering, are compliant with security policy and protect corporate business data and intellectual property in a risk-optimized manner. This team also leads several key initiatives like Supplier Security, enabling automation in DevOps world, Securing Production Web Applications etc.
As a program manager in ACE, you will be expected to work closely with Microsoft CSEO teams and Microsoft's suppliers to assist them in optimizing security related risks via technical assessments and remediation recommendations for failed controls. In this role, you will also be expected to serve as the security champion/trusted advisor for one or more business units.
You will engage with businesses in all of the different lifecycle stages of applications/solutions - starting from early conception all the way through requirements definition, design, implementation, testing, staging and operations stages.
Working with ACE will give you the opportunity to hone your security knowledge and consulting skills alongside some of the best security consultants in the world! It will tremendously improve your technical understanding of information security across a variety of platforms and broaden your perspective of security requirements for scenarios and solutions in various industries in today's mobile first, cloud first era. It will also give you a well-rounded exposure to security in the enterprise (via an improved understanding of Governance, Risk & Compliance (GRC), Security Operations, Security Tools, Privacy, Security Infrastructure Assessments, Security Maturity Assessments, etc.). You will also get to hone your skills in driving initiatives in new and emerging areas of information security using the latest cutting-edge tools and methodologies.
Education & Experience Bachelor's Degree in Computer Science, Information System/Information Technology, Engineering or a related technical discipline
7+ years of solid technology experience of which 3-5 years of experience in security asessments.
Strong understanding of what it takes to build secure applications and secure systems on a mainstream platform Solid foundation of common software vulnerabilities and their mitigation techniques Good knowledge of security
infrastructure components such as Identity & Access Management solutions, Certificate Management, PKI solutions, etc.
Good knowledge of cryptography - especially the ability to use of primitives in a design situation Working knowledge of security tools such as Fortify, WebInspect, Qualys, etc.
Experience in independently running security initiatives, internally within a large organization, or in a global consulting firm, will be a bonus #DSRE IND
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.