Senior Application Security Engineer - Microsoft

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.  

Microsoft is embarking on a new effort to address the growing needs of employees around the world. Viva Engage (formerly Yammer) is the industry-defining social network for the enterprise. We provide a platform for millions of employees, including those from 85% of Fortune 500 companies, to build community and culture, share knowledge, and connect with their leaders and each other.  

 The user base for Viva Engage is growing quickly.Acquired by Microsoft in 2012, Viva Engage combines the benefits of a startup - rapid innovation, cutting-edge technology, outsized individual impact - with the advantages of working for one of the most successful software companies in the world. We believe in mission-driven work and in this post-Covid world, our platform has become more indispensable than ever as it fosters connection and a sense of belonging among remote teams.  

This role on the Viva Trust team focuses on Viva Engage , which helps drive accountability, transparency, and alignment on goals across organizations. We have a once in a lifetime opportunity to build a massive business from the ground up and bring purpose, happiness, and productivity to millions.

About this job 

The Viva Trust team is responsible for enabling Security, Privacy, Responsible AI and Compliance to be one of the top networks in the world. Our Mission is to build trust with both external and internal customers. We accomplish this by listening to the needs of our customers and creating solutions that are secure, Private by design and compliant.

We are seeking to hire a Senior Application Security Engineer. As an engineer on the team, you will be responsible for securing new features including integration features with other products in the M365 suite, ensuring they are compliant with Global regulations and ensure Privacy is shifted left in the process.

 Our culture is inclusive, casual, and high energy; our team members come from diverse backgrounds and are grounded in our customer needs. This is a fantastic opportunity to build services and experiences that millions of people worldwide will use at home, at school, at work, and across their daily lives.  

 Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day. 

Qualifications

Required Qualifications: 

• Bachelors Degree in Computer Science or related technical field AND 4+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or TypeScript. 
  • OR equivalent experience. 
• 4+ years of experience in application Security engineering/Privacy engineering 
• 1+ years of experience with application security standards such as The Open Worldwide Application Security Project (OWASP ASVS)/Top 10, Common Weakness Enumeration (CWE 25). 
• 1+ years experience with common security libraries, security controls, and common security flaws. 

Other Requirements:

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include but are not limited to the following specialized security screenings:

• Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Preferred Qualifications:

• Experience Security and Privacy threat modeling new features. 
• Outstanding collaboration and partnership skills, with proven ability to drive results across teams. 
• Understanding of Responsible AI, Privacy and Compliance regulations such as The General Data Protection Regulation (GDPR), California Privacy Rights Act (CPRA), System and Organization Controls 2 (SOC 2), ISMS Family of Standards (ISO27k) and others. 
• Experience of Privacy, Compliance, Responsible AI and Security audits. 
• Familiarity with web proxies such as Burp, The Open Worldwide Application Security Project (OWASP ZAP) or Fiddler. 
• Development or scripting experience. Java, Ruby, Ruby on Rails, GraphQL, REST. 

Software Engineering IC4 - The typical base pay range for this role across the U.S. is USD $117,200 - $229,200 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $153,600 - $250,200 per year.

Microsoft will accept applications for the role until November 1, 2024

Responsibilities

• Privacy and Security assessments of platform, data and clients, through code reviews and automation.  
• Implement Privacy, Responsible AI and Security controls and checkpoints to detect and prevent issues early in the software development lifecycle.  
• Work with engineering and product teams in the design phase of products and features, conducting threat modeling and performing security architecture and design reviews.  
• Help engineering and product teams to understand Security, Responsible AI ,Compliance and Privacy requirements. 
• On-call support for escalations.  
• Implement defense in depth mechanisms to prevent Security and Privacy vulnerabilities. 
• Embody our culture and values.