Microsoft Corporation Security Engineer in Prague, Czech Republic

The Product Security (ProdSec) Team is responsible for overseeing the security of all the software features developed for Skype, Skype for Business, Microsoft Teams and the GroupMe products. These communication tools are offered in both consumer and enterprise markets and are available across all leading desktop and mobile platforms.

As a member of ProdSec you will provide input and oversight to help build robust and secure solutions that scale to the needs of hundreds of millions of users that depend on these products daily. ProdSec engages with business units helping contribute to designs, review product feature implementation plans, understand cloud environment usage and even help shape test or deployment strategies so that products are created as part of a secure development lifecycle (SDL).

Microsoft is seeking a self-motivated and dynamic individual to be part of ProdSec to engage with teams to promote security awareness, encourage a defensive mindset, influence their processes and priorities and provide expert security guidance.

Responsibilities

  • Work in an agile development environment and partner with engineering and product teams to ensure that new product feature development adheres to security best practices

  • Conduct regular security reviews of both software and processes; conduct periodic code reviews and educate the engineering teams on best practices for writing secure code

  • Review and create threat models; promote security training and awareness in the organization

  • Coordinate remediation of any application security weaknesses uncovered

  • Evaluate and promote the use of automation tools to assist manual reviews in identifying issues

  • Conduct penetration testing or interact with penetration testers and other external vendors to validate that security controls work as expected

Qualifications

Desirable Expertise/Experience:

  • Full understanding of web stack, web security and common vulnerabilities

  • Development skills to facilitate code reviews or tool development

  • Domain expert in security with respect to web development and enterprise app development

  • Good understanding of cloud technologies

  • Basic penetration testing skills

  • Experience with automation tools and deployments

Other considerations:

  • Excellent verbal and written communication skills

  • Leadership qualities including the ability to work effectively with cross-functional teams and able to consider diverse opinions

  • A working knowledge of Agile Development methodology

  • Understanding of SDL and mobile experience is a plus

  • BS or MS degree in Computer Science or Engineering OR equivalent years of relevant work experience

Diversity

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations, and ordinances.

If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to askstaff@microsoft.com.