---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------
JOB DESCRIPTION
---------------------------------------------------
Position: Security Researcher
Location: Redmond, Washington, US
Type: Permanent F/T
Closing Date: 06/26/2005
Want to hack for fun and profit? Want to contribute to the security of Windows?
Want to participate in defining the future of hardware based OS security? Come
be a penetration tester on the NGSCB team. Must have: deep OS knowledge, kernel
expertise, know which end of a stack frame is the business end, and know why a
one byte overwrite can topple a castle. Must want to learn or already know how
to reverse engineer code, find exploits, and break applications to do your
bidding. Understanding crypto and how crypto can go wrong is a big plus. Find
the exploits in products which don’t exist yet. Find weaknesses in design
and propose mitigations. Be an expert on how people break other security
systems and help educate the team to keep us clear of the same mistakes. Must
be able to formalize thinking around threats, attacks, and assets. Must be able
to write code that will break other code. Must be able to think creatively and
play the part of an adversary.
The Next Generation Secure Computing Base (NGSCB) is a set of new,
trust-oriented Windows features, re-architecting the Windows platform from the
hardware up. This V1 product will dramatically enhance the level of security
available to applications by enhancing the Privacy, Security, and Data/Content
Protection aspects of the execution environment. New infrastructure allows for
stronger process isolation, secure input and output, redefined restriction
policies, and new cryptographic features. The platform utilizes new hardware
being developed by partners to bring new levels of assurance to distributed
computing environments. You can be part of building this set of innovative
security technologies that will change computing and push the frontiers of OS
security.
In this position you will be part of a small security attack test team (Red
Team) focused on enhancing the security of our platforms. You will be
responsible for writing attack test specifications and threat models, analyzing
the system, implementing/executing automated and adhoc attack tests,
identifying / tracking / analyzing bugs that are found and making suggestions
for improving the security of the platform. Additionally you will be involved
in design & code reviews as well as training other test team members to enhance
the security testing knowledge of the whole test team. You will also work with
the Development, Program Management, and Architecture teams on resolving issues
you identify through your work.
JOB REQUIREMENTS
---------------------------------------------------
Qualified candidates should have strong coding proficiency in C/C++, strong
experience with Operating System fundamentals, at least 3 years experience in a
security and penetration testing role. A minimum of a B.S. degree in Computer
Science or related engineering field is required.
CONTACT
---------------------------------------------------
Send resumes to leannd@microsoft.com
LeAnn Darneille
Security Recruiter
Microsoft
leannd@microsoft.com
---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for
searching and managing job opportunities and resumes.
http://www.securityfocus.com/jobs
