Are you a passionate about hacking & improving the security of hardware/firmware and low-level components? Then this job is for you!
The Azure Hardware and Firmware Security Assurance team is seeking a Senior Security Engineer with demonstrated experience in firmware, network, virtualization, and other low-level components.
Azure is at the center of Microsoft’s cloud services strategy and the future of Microsoft. Azure brings together virtualization, compute, storage, authentication, authorization, media and more to enable anyone to bring their business in the cloud. The C&AI Security Engineering organization focuses on ensuring a secure Azure platform for developers and a secure experience for millions of users worldwide.
As part of the HW/FW Security Assurance team, you will perform security reviews, code review, penetration testing, vulnerability analysis, develop solutions to remediate selected vulnerabilities, and provide consultation to teams to help them build firmware, network, virtualization and related components securely.
We are looking for a detail-oriented, self-motivated, and highly communicative engineer who enjoy the security details of a motherboard peripherals, network communication, disk controllers, hypervisor, and a wide variety of other low-level components. You will play a key role in advancing security by working with other Security Engineers, Program Managers, and Developers throughout the Azure organization to instill an “Assume Breach” security mindset and culture in our lowest level components. You will also be a mentor for junior peer engineers, helping them grow as security engineers, and participate in the broader Microsoft and industry-wide security community to advance the state of the art.
- Threat Modeling / Security Assessments - Parlaying research and knowledge into threat modeling and security assessments of Azure hypervisor, physical platforms and cloud infrastructure. You have a goal to prioritizing areas of security risk while identifying and addressing risks that affect Azure’s ability to protect, detect, investigate and recovery from security vulnerabilities and targeted attacks.
- Contribute to policies - Contribute to cross-company teams to ensure that our learnings are properly reflected in development and acquisition policies, standards, and practices, to ensure the lowest practical likelihood of repeating mistakes.
- Emerging Threat Research - Being on the forefront of emerging threats which affect cloud services. This includes research of externally found vulnerabilities as well as proactive security research on technology Azure and our customers utilize and depend on.
- Security Code Reviews – Prioritize Azure’s highest risk features and review source code for security defects. File bugs on security defects that help remove potentially exploitable bugs from code and will improve the security of Azure services.
- Communication & Presentation - Be an expert in security and be available to answer questions and give guidance on addressing and detecting security vulnerabilities. Create and track security metrics to reduce security risk across Azure. Present team findings through proof-of-concept exploits, white papers, and security assessment reports. Work with the other teams to define and adopt new best practices for secure development and operations.
- Bachelor of Science, Bachelors, BA, BA CS, Computer Science, Mathematics, Engineering degree or equivalent experience
- 7+ years’ experience in hardware security and/or low-level software engineering.
- Deep knowledge of firmware, hypervisors and general security.
- Detailed knowledge of motherboard buses and peripherals, including peripherals security analysis.
- Detailed knowledge of hardware virtualization and related code-isolation technologies, including hypervisors, containers, para-virtualization, application virtualization.
- Deep and broad understanding of security vulnerabilities and attacks (Hardware, Software, Network, and People) and ability to apply them or find new ones based on new technology being developed.
- Strong coding skills in one or more popular languages and platforms, including C/C++, C#, Java, SQL, assembly, Ruby, Python, and others, and the ability to pick up new platforms quickly.
- Detailed understanding of encryption, low-level networking protocols, operating systems including Linux and Windows
Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.