Senior Security Engineer @ Microsoft - Redmond, WA

Job Overview

a month ago

Senior Security Engineer

Microsoft - Redmond, WA

Are you passionate about hacking & improving the security of hardware/firmware and low-level components? Then this job is for you!

The Azure “Hardware and Firmware Security Assurance” team is seeking a Senior Security Engineer with demonstrated experience in hardware, firmware, network, and other low-level components.

Azure is at the center of Microsoft’s cloud services strategy and the future of Microsoft. Azure brings together virtualization, compute, storage, authentication, authorization, media and more to enable anyone to bring their business in the cloud. The C&AI Security Engineering organization focuses on ensuring a secure Azure platform for developers and a secure experience for millions of users worldwide.

As part of the HW/FW Security Assurance team, you will perform security reviews, code review, penetration testing, vulnerability analysis, develop solutions to remediate selected vulnerabilities, and provide consultation to teams to help them build hardware, firmware, and related components securely.

We are looking for a detail-oriented, self-motivated, and highly communicative engineer who can geek out on the security details of a motherboard peripherals, network communication, disk controllers, hypervisor, and a wide variety of other low-level components. You will play a key role in advancing security by working with other Security Engineers, Program Managers, and Developers throughout the Azure organization to instill an “Assume Breach” security mindset and culture in our lowest level components. You will also be a mentor for junior peer engineers, helping them grow as security engineers, and participate in the broader Microsoft and industry-wide security community to advance the state of the art.


  • Threat Modeling / Security Assessments - Parlaying research and knowledge into threat modeling and security assessments of Azure hypervisor, physical platforms and cloud infrastructure. You have a goal to prioritizing areas of security risk while identifying and addressing risks that affect Azure’s ability to protect, detect, investigate and recovery from security vulnerabilities and targeted attacks.

  • Contribute to policies - Contribute to cross-company teams to ensure that our learnings are properly reflected in development and acquisition policies, standards, and practices, to ensure the lowest practical likelihood of repeating mistakes.

  • Emerging Threat Research - Being on the forefront of emerging threats which affect cloud services. This includes research of externally found vulnerabilities as well as proactive security research on technology Azure and our customers utilize and depend on.

  • Security Code Reviews – Prioritize Azure’s highest risk features and review source code for security defects. File bugs on security defects that help remove potentially exploitable bugs from code and will improve the security of Azure services.

  • Communication & Presentation - Be an expert in security and be available to answer questions and give guidance on addressing and detecting security vulnerabilities. Create and track security metrics to reduce security risk across Azure. Present team findings through proof-of-concept exploits, white papers, and security assessment reports. Work with the other teams to define and adopt new best practices for secure development and operations.


Required Qualifications:

Preferred Qualifications:
  • Deep knowledge of server peripherals, firmware and general security.
  • Detailed knowledge of motherboard buses and peripherals, including peripherals security analysis.
  • Detailed knowledge of hardware virtualization and related code-isolation technologies, including hypervisors, containers, para-virtualization, application virtualization.
  • Deep and broad understanding of security vulnerabilities and attacks (Hardware, Software, Network, and People) and ability to apply them or find new ones based on new technology being developed.
  • Strong coding skills in one or more popular languages and platforms, including C/C++, C#, Java, SQL, assembly, Ruby, Python, and others, and the ability to pick up new platforms quickly.
  • Detailed understanding of encryption, low-level networking protocols, operating systems including Linux and Windows

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.


Similar Jobs

Senior Security Automation Engineer


Bellevue, WA

We are looking for senior security automation engineers to design and build semi-automated/automated playbooks and integrations to automate the detection,…

Security Response Engineering Manager - Opportunity for Working Remotely Seattle, WA


Seattle, WA

Hire, grow and build a high performing team of security engineers capable of achieving the team’s mission. Working knowledge of software security and PSIRT.

Application Security Engineer

Infinity Consulting Solutions, Inc.

Seattle, WA

Industry security and systems certifications. 5-10 years security service delivery or operation experience in large global organizations with increasing focus…

Sr. Security Engineer Services LLC

Seattle, WA

Work ceaselessly to improve knowledge of the security field, threat landscape, security intelligence, moving proactively toward prevention and detection of…

Developer in Test II/III - Cybersecurity, IS Core


Seattle, WA

Expeditors Cybersecurity is committed to and responsible for protecting the Confidentiality, Integrity, and Availability of our data and our customer’s…

Security Engineer 2


Redmond, WA

Prior experience working on a security blue team, security operations center, or for a managed security service provider.

Security Engineer


Seattle, WA

1 - 3 years experience with network security or general security engineering. Technical knowledge and extensive hands-on experience with security and networking…

IT PCI Compliance Analyst

Costco Wholesale

Seattle, WA

Stays current with new and evolving security topics and technologies via formal training and self-directed education.

Customer Success Engineer - Security - Opportunity for Working Remotely Seattle, WA


Seattle, WA

Strong knowledge of general security practices, endpoint security, and SIEM. Security+ or similar security certification strongly preferred.

Staff Mobile Security Engineer - Opportunity for Working Remotely Seattle, WA


Seattle, WA

Debugging security issues related to Enterprise Apps and Platforms. Train and coach engineering teams with security best practices and standards for mobile…

Senior Software Engineer– Security Tools


Seattle, WA

Design/Develop dashboards to help Security engineers and SOC. Leverage a broad understanding of security tools to help teams select the best tool for their…

Sr. Implementation Engineer - Cloud Security (SWG, SSO, SIEM, DLP, AWS/Azure)


Bellevue, WA

7+ years of experience in designing and implementing enterprise software or security solutions in cloud, security, networking, storage or comparable space in a…

Sr. Implementation Engineer - Cloud Security (SWG, SSO, SIEM, DLP, AWS/Azure)


Seattle, WA

7+ years of experience in designing and implementing enterprise software or security solutions in cloud, security, networking, storage or comparable space in a…

Malware Analyst


Seattle, WA

Reverse engineer malware and C2 protocols. Iboss is looking for a Malware Analyst and rule writer to help us increase our detection capabilities by finding the…

Systems Security Engineer

Base 2

Bellevue, WA

Educate and communicate security requirements and procedures to customers. Recommend and implement changes to enhance systems security and prevent unauthorized…

Senior Cloud Security Engineer


Seattle, WA

Lead the security posture and foster a security-focused mindset across engineering. Work alongside cloud architects and engineers to build out our Azure…

Principal AWS Security Engineer

Science 37

Seattle, WA

10+ years of professional experience in application security and AWS. Experience in applying security to cloud technologies (Managing secrets, Securing CD…

Detection and Threat Analyst


Seattle, WA

Depth of understanding in computer security related disciplines, including but not limited to the following subject areas: software vulnerabilities and…

Software Engineer III, Security, Chrome


Bellevue, WA

2 years of experience working in security. Knowledge of applied cryptography and security protocols. Perform security pen testing for specific devices.

Security Engineer, Operations


Seattle, WA

Help implement and support a range of core security systems. We seek creative engineers with excellent technical judgment, strong interpersonal skills, and an…

AWS Application Security Engineer

Amazon Dev Center U.S., Inc.

Seattle, WA

A security engineer is also expected to be a mentor for others and be a trusted security advisor within the organization. Develop security tools and automation.

Software Development Engineer, EC2 Threat Detection

Amazon Dev Center U.S., Inc.

Seattle, WA

Understand the security landscape and threats facing systems and networks. You would enjoy working closely with a peer group of highly talented engineers, and…

Manager, Information Security Engineering


Seattle, WA

5+ years’ experience in information security. 2+ years supervisory experience in the information security engineering field and the ability to direct technical…

Sr. Software Engineer - Cloud Identity & Security


Seattle, WA

Mentor and cross-train with other security team members to cultivate Security Engineering knowledge. Experience developing scalable, high performance, and…