---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------
JOB DESCRIPTION
---------------------------------------------------
Position: Application Security Engineer
Location: Redmond, Washington, United States
Type: Permanent F/T
Closing Date: 2006-12-17
Security Technologist
Are you passionate about security? Are you a veteran in the art of hunting
down security issues and making sure they are properly addressed? Have you
ever wanted the opportunity to shape the security posture of the worlds largest
software company by being responsible for not just one application, but for
thousands throughout the enterprise? If so, then the Application Consulting &
Engineering (ACE) team wants to hear from you! We’re looking for several
passionate and talented candidates to help us realize the vision of Trustworthy
Computing by conducting security analysis of web and network-based business
applications.
As well as conducting security analysis using both black box and white box
methodologies, you will contribute expertise gleaned from previous assessments
to application threat models and design reviews and provide security consulting
to application development teams throughout Microsoft. You’ll be
responsible for providing guidance and recommendations for mitigating the
vulnerabilities you identify. You will assess security flaws, determine
mitigation strategies and drive fixes to resolution. Your expertise will be
counted on to help implement security policies, procedures and application
architecture at Microsoft. You’ll also be responsible for mentoring and
overseeing vendors. Finally, you’ll provide key contributions in the
design and implement the methodology, tools, techniques and code libraries used
by the ACE team and its customers to secure the next generation of applications
at Microsoft.
Several positions are currently open.
JOB REQUIREMENTS
---------------------------------------------------
Qualifications: Candidates must have a minimum of 3 years of experience
developing software for the Microsoft platform using programming languages and
development platforms including C/C++, C#, VB, VB.NET, and SQL. Candidates
should be thoroughly familiar with Microsoft’s development frameworks both
past and present this includes, at a minimum, COM, COM+, DCOM, and .NET. 3+
years of experience performing security assessments of applications required.
Strong understanding of well-known attack types such as cross-site script, SQL
injection, buffer overflows (both stack and heap based), format string bugs,
etc is also required. Additionally, they must have comprehensive knowledge of
secure protocols, authentication/authorization controls and cryptographic
concepts. Strong communication skills including experience conducting
presentations to senior management is also a must. A BA/BS in Computer Science
or related field is preferred and certifications such as CISSP, MCSE are
considered a plus. Lastly, a strong work ethic and the desire to assist the
ACE team to achieve Microsoft’s long-term Trustworthy Computing goals.
CONTACT
---------------------------------------------------
For consideration please send your resume to chahm@microsoft.com with the job
code (172898) in the subject line. Thanks!
Microsoft Corp.
C. Hahm
Recruiter
chahm@microsoft.com
---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for
searching and managing job opportunities and resumes.
http://www.securityfocus.com/jobs
