Senior Security Assurance Engineer
 Microsoft | |
 United States, Texas, Irving | |
| 7000 State Highway 161 (Show on map) | |
 Mar 16, 2025 | |
|
OverviewSecurity represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft's mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers' heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. The Microsoft Security Response Center (MSRC) is looking for an experienced Security Assurance Engineer to join our AI Safety & Security team. In this role, you will build and lead Microsoft's end-to-end response process for AI-related security vulnerabilities and safety harms reported to MSRC. This is part program management, part security engineer, and always an advocate for customers and the company. You will expand on your curiosity to understand rapidly evolving billion-dollar services to work across the company and help protect customers, Microsoft, and communities from threats to security, safety, and privacy. Are you passionate about the safety and security of AI and how that intersects with our lives? If all this sounds interesting to you, then you should talk to us! The ideal candidate will have a proficient technical security foundation in Artificial Intelligence or Digital Safety in addition to experience driving operational excellence. This position requires an individual who can demonstrate being technically curious, data-focused and customer-obsessed.This role has anticipated exposure to illegal, offensive, sensitive, or mature materials on a regular basis, of various mediums inclusive of but not limited to text, audio, video, or images.Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day. Other : Embody our Culture and Values
ResponsibilitiesSecurity Issues Analysis* Analyzes complex issues using multiple data sources to identify security problems. Creates new solutions to mitigate security issues. Makes tradeoffs to balance security and operational needs. Helps to drive resolution to systemic security issues. Provides insights on security designs (e.g., design reviews, threat models). Understands overall feature architecture and aligns security analysis to it. Understands scope of problems and how they can affect down-level platforms. Identifies less common types of security issues, defects, or threats, in a product. Identifies and remedies security issues by collaborating with one or more feature teams. Evaluates products against security baselines (e.g., gap analysis) by comparing and contrasting features in a product and initial features of the baseline. Solution Engineering and Mitigation* Identifies, prioritizes, and targets complex security issues that cause negative impact to customers. Creates and drives adoption of relevant mitigations. Suggests and drives appropriate response and remediation for issues. Develops guidelines and best practices to enable teams to avoid common patterns of issues. Subject Matter Expertise* Uses subject matter expertise to identify potential security issues, tools, mitigations, and processes (e.g., architecture, failure modes, attack chain, threat modeling, vulnerabilities). Stays current in knowledge and expertise as securitylandscape evolves. Makes expertise available to others through sharing, coaching, conferences, and other means. Customer/Partner Results* Helps to make connections and assist in developing agreements between groups to clarify priorities and identify dependencies. Engages with customers and partners to improve security issues. Analyzes security issues or patterns. Uses knowledge of security in developing analytical tools. Advocates for customers and partners. Develops feedback channels and translates feedback into better security practices. Escalates issues as needed. Security Reviews and Reporting* Leads large-scale security reviews. Leads work on architectural and design security reviews for feature areas. Where appropriate, ensures best practices for security architecture, design and development are in place. Measures return on investment (ROI). Determines value of investment. Measures customer satisfaction. Evaluates security risks and their impact to the affected services and works with Development Operation leads, engineering leads and researchers to mitigate risks. Monitors and responds to security events, potential vulnerabilities, exposures, and policy compliance issues. Planning and Research* Takes product schedules, dependencies and risk assessments into consideration in performing security design and analysis. Creates a schedule for analysis of large feature areas that accounts for dependencies and meets milestones. Creates schedule for a security analysis that involves several stakeholders and that optimizes their time and effort. Conducts security research of Microsoft and competitor products. Researches, analyzes, and summarizes security threats and shares with Security Assurance and security tooling teams as enhancements to security compliance program. | |