Principal Security PM Lead - OS Security
Herzliya, Tel Aviv, Israel | Engineering | May 09, 2022


Are you interested in securing products used by over one billion customers every day? The Microsoft Offensive Research & Security Engineering (MORSE) team’s charter is to ensure that we ship the world’s most secure operating systems, cloud platforms, and edge devices. We’re responsible for secure design reviews, code reviews, penetration testing, developing frameworks and rules for automated static analysis and fuzzing, and creating platform-wide vulnerability-class mitigations.

 

In this role, you’ll be responsible for managing a team of Program Managers tasked with defining the secure development process and the vulnerability research strategy for our Linux, IoT, hybrid cloud, and edge device initiatives, in addition to driving security metrics to track progress and future goals. You’ll work to influence and partner with engineering and product teams to build security into the DNA of our products. And you will support our work of finding and fixing vulnerabilities at scale, building products that are secure by design, and leveraging our hardware, toolchain, and OS assets to address bug classes before they can impact our customers.

Microsoft is on a mission to empower every person and every organization on the planet to achieve more. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. You can help us to achieve our mission.



Responsibilities

The Principal Security PM Lead will manage a team that drives security strategy, customer promises, competitive approach, and execution for cross-functional Linux, IoT, hybrid cloud, and edge device initiatives. You will work with a world-class team of program managers, security engineers, penetration testers, and product owners to ensure critical new products are secured from the ground up with secure architecture, code, and product controls baked in.

 

You will use your strong security background, customer empathy, market data and collaboration skills to drive appropriate tradeoffs, ensuring customers are safe and that we ship products that meet business and technology objectives. The ideal candidate will have a good mix of technical security acumen, product and program management experience, and be data driven. You should be passionate about security and be able to collaborate cross-functionally to understand different points of view, and to influence and drive to the right solutions.

 

· Lead a team of security Program Managers.
· Own the security architecture, strategy, execution, and communication of critical new Linux, IoT, hybrid cloud, and edge device products and features.
· Provide technical security expertise on architecture, attacker trends, mitigations, secure design, and vulnerability research.
· Investigate, analyze, and learn from security researchers and real-world incidents to develop durable security assurance improvements.
· Communicate progress and risks, manage stakeholders, and drive a mature release management process.
· Lead cross-functional engagement to deliver on technical strategy.
· Drive clear accountability, timelines, and scorecards to deliver on SDL and other security priorities.



Qualifications

Required:

  •  8+ years of experience in software engineering, of which 4+ years have been focused on application security or product security.
  •  1+ years of experience in managing security-focused teams.
  •  Ability to create clarity, energy, and cohesion across a team.
  •  Excellent cross-group and interpersonal skills, with the ability to articulate the business need for security improvements.

 

Preferred:

  • 6+ years of experience in Program Management.
  • Knowledge of common vulnerability classes and exploitation techniques. 
  • Knowledge of Linux internals, network protocols, and file formats. 
  • Familiarity with firmware security and hardware security.

 

 

 

 

#MDMIL

#AppGuard

#AppGuardIL

#OSinternals

#OSSecurity

Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:

· Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

 

 

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

 

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.



