Senior Security Engineer

Are you driven by a hacker mindset and ardent about enhancing the security of hardware, firmware, and low-level components? If so, this job opportunity is tailored for you!

Azure Hardware and Firmware DevSec team is currently in search of a Senior Security Engineer with expertise in hardware, firmware, and related low-level components.

As a member of the HW/FW Security team within the Azure Security organization, you will have an opportunity to shape the landscape of platform security. This involves conducting security reviews such as threat modeling, design and code assessments for both Microsoft and third-party HW/FW solutions, penetration testing, vulnerability analysis, devising solutions to address identified vulnerabilities, and providing guidance to teams on securely building hardware, firmware, and related components.

We are seeking a detail-oriented, self-motivated engineer with exceptional communication skills who revels in delving into the security intricacies of various low-level components, including motherboard peripherals, network communication, disk controllers, and hypervisors. In this role, you will collaborate closely with other Security Engineers,

Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

• Threat Modeling / Security Assessments: Utilizing research and expertise to conduct threat modeling and security assessments of Azure HW/FW solutions, and cloud infrastructure. Your objective is to prioritize areas of security risk, identifying and addressing security defects that may impact on Azure's capacity to safeguard against, detect, investigate, and recover from security incidents.
• Security Reviews: Prioritize the highest risk features within Azure and perform comprehensive reviews of their design, source code, or final product to identify security defects. Utilize existing tools or develop new ones, such as static/dynamic analysis tools, to enhance efficiency and quality of work. Take the lead in addressing identified security flaws and implementing proactive security hardening measures to mitigate future exploitable vulnerabilities.
• Driving Security: Collaborate with cloud server and in-rack devices hardware ecosystem partner to establish security solutions and requirements, identify critical threats, and develop agreed plans for remedial actions. Collaborate with Microsoft Hardware Engineering teams from the early stages of product development to guarantee the security of Azure hardware platforms.

• Contributing to Policies: Engage with cross-company teams and industry partners to ensure that our insights are effectively integrated into development policies, standards, and practices. Aim to continuously elevate the security standards by fostering a growth mindset and implementing best practices.

• Emerging Threat Research: Stay at the forefront of emerging threats impacting cloud services by conducting research on externally identified vulnerabilities and proactively investigating security risks associated with the technologies utilized by Azure and our customers.
• Communication & Presentation: Be an competent in security and be available to answer questions and give guidance on addressing security defects. Present team findings through white papers and security assessment reports. Work with the other teams to define and adopt new best practices for secure development and operations.

Other

• Embody our Culture & Values