This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Sr Security Service Engineer Microsoft

Jump to: navigation, search

Sr. Security Service Engineer Job Category: IT

Location: United States, WA, Redmond

Job ID: 781872 72274

Product: (Not Product Specific)

Division: IT

Do you have a passion for security and excited about impacting some of the largest and most complex infrastructure security challenges Microsoft is involved with today? If the answer is yes, you may be a candidate to join the ACE Team.

The ACE (Assessment, Consulting & Engineering) team is the assessment arm of Microsoft’s Information Security & Risk Mgmt. organization. Our team is a dynamic organization chartered with providing security assessment services to both Microsoft and to Microsoft’s enterprise and public sector customers to help effectively manage security risks. As a part of our charter, we are tasked with sharing and showcasing with external customers how Microsoft manages risks as well as to learn and bring back best practices from Microsoft’s customers to benefit Microsoft’s own risk management needs.

The successful candidate for the Sr. Security Service Engineer (Information Security) role will engage in a consulting/advisory role with both internal clients and Microsoft Enterprise customers to asses, develop and architect Microsoft application security solutions. The Sr. Security Service Engineer will contribute expertise to application threat models and design reviews, as well as provide security consulting and security architectural guidance to application development teams throughout Microsoft.

You’ll be responsible for providing guidance and real world mitigation steps to identified information security risks. The successful candidate will be required to assess security flaws, determine mitigation strategies and drive fixes to resolution. A thorough understanding of Microsoft technologies, an understanding of security architectures and experience deploying complex enterprise solutions will be valuable experience for the right candidate.

Sr. Security Service Engineer (Information Security) responsibilities:

Develop, design, and architect technical application security review solutions, including the development of application vulnerability assessment methodologies

Perform extensive technical consulting in the areas of application security focused on Microsoft development platforms and technologies.

Follow all Microsoft services delivery methodology for external engagements, including ACE specific requirements around utilization, quality assurance, consistent delivery and meeting a high bar for customer satisfaction

Geographic scope is the Americas however may require overseas travel. Travel is a requirement with most deliveries requiring onsite presence within the continental United States

Must be able to work autonomously as well as in team environments, often in stressful, high impact situations

Requirements/Qualifications and Previous Work and Related Experience (including educational requirements):

Advanced knowledge of Application Security Architectures and Guidance

Advanced knowledge of Secure Development Lifecycle and applications security assessment methodologies

Understanding of application development languages to included: .NET, C/C++, VB, VB NET, COM, COM+ and DCOM

Excellent written, verbal and presentation skills are required

Strong analytical and organizational skills are essential and required

3+ years experience conducting application security assessments, designing, deploying application security solutions

An understanding of ISO31000 standards and related assessment methodologies is desired

CISSP, SANS certifications, Microsoft technology certifications and other security certifications a huge plus

Qualified Applicants should contact: Talhah Mir; [email protected]