Principal Security Program Manager - Security Assurance and Vulnerability research team
Herzliya, Tel Aviv, Israel | Product Management | Mar 06, 2022

Are you interested in securing products used by over one billion customers every day? The Microsoft Offensive Research & Security Engineering (MORSE) team’s charter is to ensure that Windows, Linux, and IoT platforms are designed, developed, and shipped securely. We’re responsible for secure design reviews, code reviews, penetration testing, red teaming, developing frameworks and rules for automated static analysis and fuzzing, and creating platform-wide vulnerability-class mitigations. 


As a Security Program Manager, you’ll be responsible for defining the secure development process and the vulnerability research strategy for our Linux and IoT initiatives, in addition to driving security metrics to track progress and future goals. You’ll work to influence and partner with engineering and product teams to build security into the DNA of our products. And you will support our work of finding and fixing vulnerabilities at scale, building products that are secure by design, and leveraging our hardware, toolchain, and OS assets to address bug classes before they can impact our customers. 


Microsoft is on a mission to empower every person and every organization on the planet to achieve more. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. You can help us to achieve our mission. 


The Security Program Manager will drive security strategy, customer promises, competitive approach, and execution for cross-functional Linux and IoT initiatives. You will work with a world-class team of security engineers, penetration testers, and product owners to ensure critical new products are secured from the ground up with secure architecture, code, and product controls baked in.

You will use your strong security background, customer empathy, market data and collaboration skills to drive appropriate tradeoffs, ensuring customers are safe and that we ship products that meet business and technology objectives. The ideal candidate will have a good mix of technical security acumen, product and program management experience, and be data driven. You should be passionate about security and be able to collaborate cross-functionally to understand different points of view, and to influence and drive to the right solutions.

  • Own the security architecture, strategy, execution, and communication of critical new Linux and IoT products and features.
  • Provide technical security expertise on architecture, attacker trends, mitigations, secure design, and vulnerability research.
  • Investigate, analyze, and learn from security researchers and real-world incidents to develop durable security assurance improvements.
  • Communicate progress and risks, manage stakeholders, and drive a mature release management process.
  • Lead cross-functional engagement to deliver on technical strategy.
  • Drive clear accountability, timelines, and scorecards to deliver on SDL and other security priorities.



  • 8+ years of experience in software engineering, of which 4+ years have been focused on application security, product security, or similar.
  • Excellent cross-group and interpersonal skills, with the ability to articulate the business need for security improvements. 



  • 6+ years of experience in Program Management. 
  • Knowledge of common vulnerability classes and exploitation techniques. 
  • Knowledge of Linux internals, network protocols, and file formats. 
  • Familiarity with firmware security and hardware security. 
  • Ability to write automation via scripting languages such as Python. 


Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:

  • Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.  




Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

