Otevřená pracovní pozice v Microsoft
Product Security Engineer Skype
- Typ úvazku
- Budova Delta, Za Brumlovkou 5/1559, 140 00 Praha 4, Czechia
The Product Security (ProdSec) Team is responsible for overseeing the security of all the software features developed for Skype, Skype for Business, Microsoft Teams and the GroupMe products. These communication tools are offered in both consumer and enterprise markets and are available across all leading desktop and mobile platforms.
As a member of ProdSec you will provide input and oversight to help build robust and secure solutions that scale to the needs of hundreds of millions of users that depend on these products daily. ProdSec engages with business units helping contribute to designs, review product feature implementation plans, understand cloud environment usage and even help shape test or deployment strategies so that products are created as part of a secure development lifecycle (SDL).
Microsoft is seeking a self-motivated and dynamic individual to be part of ProdSec to engage with teams to promote security awareness, encourage a defensive mindset, influence their processes and priorities and provide expert security guidance.
- Work in an agile development environment and partner with engineering and product teams to ensure that new product feature development adheres to security best practices
- Conduct regular security reviews of both software and processes; conduct periodic code reviews and educate the engineering teams on best practices for writing secure code
- Review and create threat models; promote security training and awareness in the organization
- Coordinate remediation of any application security weaknesses uncovered
- Evaluate and promote the use of automation tools to assist manual reviews in identifying issues
- Conduct penetration testing or interact with penetration testers and other external vendors to validate that security controls work as expected
- Full understanding of web stack, web security and common vulnerabilities
- Development skills to facilitate code reviews or tool development
- Domain expert in security with respect to web development and enterprise app development
- Good understanding of cloud technologies
- Basic penetration testing skills
- Experience with automation tools and deployments
- Excellent verbal and written communication skills
- Leadership qualities including the ability to work effectively with cross-functional teams and able to consider diverse opinions
- A working knowledge of Agile Development methodology
Understanding of SDL and mobile experience is a plus experience
BS or MS degree in Computer Science or Engineering OR equivalent years of relevant work