Community

Home >

Jobs >

Senior Security Product Manager

Washington, United States (On-site)

Senior Security Product Manager

1 Day ago • 5-7 Years • Cyber Security • $117,200 PA - $250,200 PA

About the job

5 skills required for this role

Add these skills to join the top 1% applicants for this job

java

ruby

owasp-zap

graphql

containers

Job Description

Microsoft's Application Security team seeks a Senior Security Product Manager in Redmond, WA. This role requires 5+ years in product management or software development, and 5+ years in security development, consulting, or penetration testing. Responsibilities include being the security contact for new AI services, specifying security controls, proactively researching new technologies, driving a positive security culture, training engineering teams, and working with security engineers and product teams to implement controls and automation. The ideal candidate possesses strong collaboration skills, experience with security threat modeling and assessments, familiarity with OWASP standards, and coding experience in languages such as Java or Ruby.

Must have:

5+ years in product/software development or security
5+ years security development/consulting/penetration testing
Security Development Lifecycle (SDL) experience
Threat modeling and security assessments expertise
Collaboration and communication skills

Good to have:

Experience with OWASP, ASVS, CWE
Experience with security libraries and controls
Web proxy familiarity (Burp, ZAP, Fiddler)
Java, Ruby, Ruby on Rails, GraphQL, REST experience
Security compliance program management

Perks:

Industry-leading healthcare
Educational resources
Product and service discounts
Savings and investment programs
Maternity and paternity leave
Generous time off
Giving programs
Networking opportunities

Overview

Our Application Security Team is currently hiring a Senior Security Product Manager in Redmond, WA.

Security is foundational to all product and service offerings from Microsoft. Microsoft’s Secure Futures Initiative is the number one priority for the company. We need an experienced security professional with a deep-rooted passion in identifying security issues before they impact millions of users. As part of the Microsoft AI Security team, you will collaborate with product engineering to innovate software design to defend against a continued and emerging security threat landscape.

Application Security team, advises on critical security design elements, proactively identifying architectural vulnerabilities and collaborates on solutions and design modifications to improve the overall security posture of Microsoft AI (Artificial Intelligence) offerings.

This team partners with product engineering, penetration testers and security personnel,

Team members are subject matter experts and are a mentor to others on the security discipline.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees, we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Start your journey with Microsoft AI, Microsoft Edge, Microsoft Search and Bing, Microsoft News, Microsoft Maps and Microsoft Advertising today!

Qualifications

Required/Minimum Qualifications:

Bachelor’s Degree AND 5+ years experience in product/service/project/program management or software development
- OR equivalent experience
5+ years experience in security development and engineering, security consulting, or application penetration testing.
5+ years of hands-on and strong experience with the Security Development Lifecycle (SDL).

Additional or Preferred Qualifications

Bachelor's Degree AND 7+ years experience in product/service/project/program management or software development
- OR equivalent experience.
Experience with Security threat modeling for new features.
Experience conducting security assessments on Web Applications, Mobile Applications, Cloud Services running on variety of operating systems including containers.
Experience with application security standards such as OWASP(Open Web Application Security Project ASVS (Application Security Verification Standard)/Top 10, CWE (Common Weakness Enumeration) 25.
Experience with common security libraries, security controls, and common security flaws.
Outstanding collaboration and partnership skills, with proven ability to drive results across teams.
Coding skills in one or more general purpose scripting languages.
Experience managing security compliance related engineering programs.
Familiarity with web proxies such as Burp, OWASP ZAP (Zed Attack Proxy) or Fiddler.
Development or scripting experience. Java, Ruby, Ruby on Rails, GraphQL, REST.
Demonstrated experience in successfully designing, delivering, and iterating on complex projects with a diverse set of stakeholders

Product Management IC4 - The typical base pay range for this role across the U.S. is USD $117,200 - $229,200 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $153,600 - $250,200 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:

Microsoft will accept applications for the role until September 8, 2024.

#Search# #MAI# #Security# #ApplicationSecurity# #MAIFundamentals# //platformjobs 

Responsibilities

Be the security contact for teams building new innovative services and technologies in the next version of Microsoft AI.

Specify new security controls needed to reduce risks identified from security reviews and threat modelling exercises or from security incidents and specify these new controls as requirements to be added the organization’s SDL process.

Proactively research new technologies, make technology recommendations.

Drive and cultivate a positive culture of security across the engineering teams. Train product engineering to recognize bad patterns and innovate ways for developers to learn to identify security bad practice.