Principal Security Program Manager

Redmond, Washington


Employer: Microsoft
Industry: Security Engineering
Salary: $137600 per year
Job type: Full-Time

Microsoft Azure Edge + Platform (E+P) is a globally distributed team of engineers, architects, program managers, product managers, business program managers, business administrators, user experience researchers and designers who are responsible for the platform for Microsoft and for delivering Microsoft's edge vision. We create the most reliable and trustworthy OS and platform services to empower Microsoft and our customers to achieve more. We unlock the next wave of opportunity at the edge through an at-scale ecosystem driving widespread adoption of our Microsoft cloud services.

Microsoft's Services Pentest (SERPENT) team is looking for a Principal Security Program Manager to elevate the end-to-end service security fundamentals in the Azure Edge + Platform (AEP) and Windows & Devices (W+D) space. SERPENT is part of the Edge + Platform Security Fundamentals (EPSF) team in AEP, a globally distributed team responsible for platforms and services that enable consistent application development and management across the cloud and the edge. This team performs security design reviews, code reviews, and penetration testing on key features of AEP and W+D services to make sure they meet the highest possible security standards, and defines the security requirements and best practices that all of our services adhere to. SERPENT develops and applies these Fundamentals across the entire service development lifecycle, from Design and Develop to DevOps and Deployment, through deep, human-led engagements and broad automated detections and preventions, leveraging industry, Microsoft, and unique EPSF domain expertise.

As a Principal Security Program Manager in SERPENT, you will directly shape our strategic approach to applying offensive, defensive and remediation tactics, both to improve our human-led service engagements and to transfer those learnings into the development policies and processes to improve Security Fundamentals for all our services.

This position offers an unparalleled opportunity to build and leverage your understanding of product building, fundamentals, and operational excellence to further develop and evolve the service security strategy across AEP and W+D. The successful candidate will have experience with online services, penetration testing (code audit, Static Application Security Testing (SAST)/Dynamic Application Security Testing (DAST), finding creative ways to break assumptions), a clear understanding of service security fundamentals, solid computer science skills, and a passion for keeping Microsoft customers safe.

Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Responsibilities:

As a Principal Security Program Manager, you are responsible for the following:
  • Develop and articulate a clear vision and roadmap for your team's functions and scope, including establishment of opportunities for innovation in tactics as well as automated detections and preventions at scale
  • Identify and mitigate risk in Microsoft products in close partnership with SERPENT engineers including design reviews, code reviews, and risk assessments
  • Be the security contact for teams building new innovative services and technologies in the next version of Azure Edge and Windows Devices.
  • Leverage a broad and current understanding of security to envision new protections
  • Interact with the external security community and security researchers
  • Collaborate with product teams to improve security, and articulate the business value of security investments
  • Partner with teams inside and outside EPSF toward building security and compliance early in the product development process and in developing born secure, born compliant products.
  • Define objectives and key results (OKRs) to measure product success and track progress against goals, iterating and optimizing as necessary
  • Embody our Culture & Values


Qualifications:

Required Qualifications:
  • 7+ years experience in software development lifecycle, large scale computing, modeling, cyber security, anomaly detection
    • OR Bachelor's Degree in Computer Science, Risk Management, Cyber Security, or related field
    • OR equivalent experience.
Other Requirements:

Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:
  • Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Preferred Qualifications:
  • Substantial experience in cybersecurity assurance and program management preferably including online service development.
  • Strategic thinking and problem-solving skills, with the ability to develop and execute research & development strategies that support product development objectives.
  • Experience with defining and tracking OKRs and KPIs to measure program performance.
  • Proficient communication and collaboration skills, with the ability to effectively interact with stakeholders at all levels of the organization.
  • Customer feedback and data driven.
  • Experience in the security domain and with leading fundamentals.
  • Demonstrated experience developing product roadmaps to deliver customer and business value across products and services.
  • Demonstrated experience in successfully designing, delivering, and iterating on complex projects with a diverse set of stakeholders.
  • Demonstrated coding skills in one or more popular languages and platforms such as: C#, Java, Python, and others.
  • CISSP, OSCP, GCIA, or SANS certifications
Security Assurance IC5 - The typical base pay range for this role across the U.S. is USD $137,600 - $267,000 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $180,400 - $294,000 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

Microsoft will accept applications for the role until September 2, 2024.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

Created: 2024-08-30
Reference: 1742694
Country: United States
State: Washington
City: Redmond
