Senior Application Security Specialist
Microsoft
This job is no longer accepting applications
Operations
New York, NY, USA
Posted on Aug 24, 2024
The Trust & Integrity Protection (TrIP) team has an immediate opening for a Senior Application Security Specialist to help identify, assess, and remediate security risk for applications across our vast tools and technology ecosystem. Our Assurance team executes programs that assess applications and infrastructure for privacy, security, governance, risk, and compliance. Our larger organization provides guidance and oversight across the Microsoft Customer & Partner Solutions (MCAPS) division.
In this role, you will provide technical depth and expertise to a team of security professionals performing application and infrastructure security assessments across the business. You will support and help guide the team as they work with application developers to ensure that their applications meet our rigorous requirements for security, privacy, accessibility, and resilience. You will work with the team to define the state of the practice in application development security. You will also define and manage key measures for security across a diverse organization. Key to this role is your technical aptitude for application security, overall technical depth, security risk management, capacity, and operational ability to manage multiple heterogeneous projects simultaneously. Also critical are proficient program management skills and the ability to influence without authority, to work in a quickly changing area, and to represent your work to partners and leadership.
Our team values capable and active cross-team communication and collaboration, and proactive sharing of learnings and best practices to help make our whole team better. At the same time, to be successful in this role you need to be a self-motivated driver who can succeed with limited direction. You will work with a team of collaborative security professionals who will value you as an individual and support your professional development.
Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
Responsibilities
- Vulnerability Identification and Mitigation: Regularly assess security, identify vulnerabilities, and work with development teams to remediate them. This involves activities like code review, dynamic testing, and threat modeling.
- Threat Modeling: Analyze software systems to identify potential threats and vulnerabilities. Create threat models that outline potential attack vectors and help prioritize security efforts.
- Secure Code Review: Review code written by developers to identify security flaws, adherence to coding standards, and best practices. Ensure that security is integrated into the development lifecycle.
- Security Testing: Perform various security tests, including static analysis (SAST), dynamic analysis (DAST), and interactive analysis (IAST), to identify and uncover vulnerabilities in applications.
- Security Training: Conduct security training sessions for developers, QA engineers, and other stakeholders.
- Incident Response: In the event of a security incident or breach, application security engineers play a critical role in investigating, containing, and mitigating the impact. They collaborate with incident response teams.
- Provide technical guidance for Application onboarding activities and support application developers in navigating the review process.
- Design and develop roadmaps and priorities for the Assurance program as it applies to tools and services built in MCAPS.
- Lead and identify cross-organizational teams to create and maintain tool security guidance.
- Build and nurture positive working relationships with stakeholders and leadership, and be engaged as a trusted advisor within MCAPS.
- Work closely with various engineering organizations and tool owners to support their programmatic initiatives to shift left the Assurance function in the development cycle.
- Design and implement process improvements to the Application Risk Assessment program.
- Assist with the tools and technology review and assessment processes to identify data protection and compliance-related gaps.
- Embody our Culture & Values
Required/Minimum Qualifications:
- Bachelor's Degree AND 4+ years experience in engineering, product/technical program management, data analysis, or product development
- 2+ years experience managing cross-functional and/or cross-team projects.
- 3+ years experience in application security or software development lifecycle practices.
- Ability to coordinate complex process reviews, interpret the results and articulate the findings in a clear and concise manner.
- Certifications such as Certified Information Systems Security Professional (CISSP) or Certified Ethical Hacker (CEH), or other discipline-specific certifications.
- Basic to moderate understanding of reading and/or writing code (e.g. sample documentation, product demos).
- Experience working on an application or service development team.
- Effective written and oral communication skills, with the ability to tailor communications based on audience.
- Self-motivated with ability to work with little supervision.
- Ability to analyze complex problems, think creatively, communicate recommendations, influence change and drive process and structure into a dynamic environment.
- Understanding of a broad range of technologies including cloud computing, networking, cloud application design and development tools/processes, and common cloud-based application architectures.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay
Microsoft will accept applications for the role until September 11, 2024.
#EOjobs
Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.