
Senior Security Technical Program Manager

The Trust & Integrity Protection (TrIP) team has an immediate opening for a Senior Security Technical Program Manager to help identify, assess, and remediate security risk for applications across our vast tools and technology ecosystem. Our Assurance team executes programs that assess applications and infrastructure for privacy, security, governance, risk, and compliance. Our larger organization... provides guidance and oversight across the Microsoft Customer & Partner Solutions (MCAPS) division.

In this role, you will provide technical depth and expertise to a team of security professionals performing application and infrastructure security assessments across the business. You will support and help guide the team as they work with application developers to ensure that their applications meet our rigorous requirements for security, privacy, accessibility, and resilience. You will work with the team to define the state of the practice in application development security. You will also define and manage key measures for security across a diverse organization.

Key to this role is your technical aptitude for application security, overall technical depth, security risk management, capacity, and operational ability to manage multiple heterogeneous projects simultaneously. Also critical are proficient program management skills and the ability to influence without authority, to work in a quickly changing area, and to represent your work to partners and leadership.

Our team values capable and active cross-team communication and collaboration, and proactive sharing of learnings and best practices to help make our whole team better. At the same time, to be successful in this role you need to be a self-motivated driver who can succeed with limited direction. You will work with a team of collaborative security professionals who will value you as an individual and support your professional development.

Microsoft is on a mission to empower every person and every organization on the planet to achieve more. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their authentic selves each day. In doing so, we create life-changing innovations that impact billions of lives around the world. You can help us achieve our mission by representing Microsoft in today’s competitive talent market as we search for the nation’s top talent.

Responsibilities

• Vulnerability Identification and Mitigation: Regularly assess security, identify vulnerabilities, and work with development teams to remediate them. This involves activities like code review, dynamic testing, and threat modelling.
• Threat Modeling: Analyze software systems to identify potential threats and vulnerabilities. Create threat models that outline potential attack vectors and help prioritize security efforts.
• Secure Code Review: Review code written by developers to identify security flaws, adherence to coding standards, and best practices. Ensure that security is integrated into the development lifecycle.
• Security Testing: Perform various security tests, including static analysis (SAST), dynamic analysis (DAST), and interactive analysis (IAST), to identify and uncover vulnerabilities in applications.
• Security Training: Conduct security training sessions for developers, QA engineers, and other stakeholders.
• Incident Response: In the event of a security incident or breach, application security engineers play a critical role in investigating, containing, and mitigating the impact. They collaborate with incident response teams.
• Provide technical guidance for Application onboarding activities and support application developers in navigating the review process.
• Design and develop roadmaps and priorities for the Assurance program as it applies to tools and services built in MCAPS.
• Lead and identify cross-organizational teams to create and maintain tool security guidance.
• Build and nurture positive working relationships with stakeholders and leadership, and be engaged as a trusted advisor within MCAPS.
• Work closely with various engineering organizations and tool owners to support their programmatic initiatives to shift left the Assurance function in the development cycle.
• Design and implement process improvements to the Application Risk Assessment program.
• Assist with the tools and technology review and assessment processes to identify data protection and compliance-related gaps.
• Embody our Culture & Values

Qualifications

Minimum Qualifications:

• Bachelor's Degree AND 4+ years experience in engineering, product/technical program management, data analysis, or product development
• OR equivalent experience.
• 2+ years experience managing cross-functional and/or cross-team projects.
• 4+ years of combined technology administration/management, technical risk management, technical risk consulting, and/or software development/engineering work experience.

Preferred Qualifications

• Ability to coordinate complex process reviews, interpret the results and articulate the findings in a clear and concise manner.
• Bachelor’s degree in Information Technology, Cybersecurity, or Business Management.
• Certifications (not mandatory), Certified Information Systems Security Professional (CISSP) or Certified Ethical Hacker (CEH), or other discipline specific certifications.
• Coding Skills: A basic to moderate understanding of coding is beneficial.
• Experience working on an application or service development team is helpful.
• Effective written and oral communication skills, with the ability to tailor communications based on audience.
• Self-motivated with ability to work with little supervision.
• Ability to analyze complex problems, think creatively, communicate recommendations, influence change and drive process and structure into a dynamic environment.
• Understanding of a broad range of technologies including cloud computing, networking, cloud application design and development tools/processes, and common cloud-based application architectures.
• Understanding of data security concepts, such as Application Security Testing, Vulnerability Assessment, or Information Systems Audit.

Technical Program Management IC4 - The typical base pay range for this role across the U.S. is USD $117,200 - $229,200 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $153,600 - $250,200 per year. Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

Microsoft will accept applications for the role until August 1, 2024.

#EOjobs Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations

EMPLOYMENT TYPE
Full-time, remote
DATE POSTED
July 21, 2024
