Senior Technical Program Manager - Security Research, Azure Edge & Platform
Herzliya, Tel Aviv, Israel
Microsoft
Every company has a mission. What's ours? To empower every person and every organization to achieve more. We believe technology can and should be a force for good and that meaningful innovation contributes to a brighter world in the future and today.Adaptive cloud is a new and exciting domain, combining both cloud and edge infrastructure, providing Microsoft customers with a seamless experience, regardless of where they run their workloads. Security is a priority for our customers in this domain, that contains a complex threat model, regulatory scrutiny, and product complexity.
The Edge & Platform Security Fundamentals (EPSF) org ensures we ship the world's most secure operating systems, cloud platforms, and edge devices. We conduct research into the highest priority attack surfaces and scenarios, including into Microsoft strategic investments such as Adaptive Cloud, AI, and next generation OS. Our research teams include leading researchers in this domain, finding and fixing critical issues. Aside from security research, we also emphasize a move to shift-left the discovery of security incidents via automation to reduce toil and tax on Microsoft engineers.
In this role, you will contribute to the development and execution of the security vision, roadmap, and priorities for the EPSF IL group, collaborating closely with the security researchers in EPSF IL. You will map new domains, analyze potential targets for research, prioritize and schedule security assessments and sync them with the development efforts, define processes to ensure adherence to EPSF security recommendations across product groups, and monitor their implementation. You will serve as the primary contact point for product teams engaging with EPSF IL, understanding their requirements and security challenges. You will also be the main contact point to the broader EPSF PM organization, ensuring alignment across geos, and a unified strategy. You will gather data and present metrics reflecting progress towards EPSF IL goals, triage incoming queries, and maintain visibility into new products being developed.
Responsibilities
- Help develop and drive the security vision, roadmap, and priorities of the EPSF IL group.
- Prioritize and schedule security assessments and development work in coordination with EPSF IL Security researchers.
- Help define the processes to ensure product groups are following and addressing security recommendations, and monitor these recommendations are applied.
- Defining objectives, key results, and corresponding work items for EPSF IL teams, in coordination with EPSF IL staff.
- Serve as the focal point of EPSF IL for engineering product teams, understand product teams requirements and security pain points.
- Serve as the main contact point to the broader EPSF PM org, aligning our goals and standards to the greater EPSF.
- Collect data from Engineering Systems and other sources to present metrics that show progress towards EPSF goals.
- Triaging incoming questions to the EPSF IL team and ensuring that questions get responses.
- Ensure we have visibility into products and features being developed under EPSF purview.
Qualifications
Qualifications
- Bachelor’s degree in engineering, product/technical program management, product development, security, or equivalent experience.
- 8-12 years of engineering, security, or any other technical experience.
- Out of which 3+ years' experience as a Security Program or Product Manager.
- Experience working with Security teams, product groups and operational teams.
- Experience analyzing products, identifying potential security risks, and prioritizing security research/development.
- Experience planning, researching, and developing security policies, standards, and procedures.
- Demonstrated verbal/written communication and data presentation skills, including communicating effectively with different business groups and project teams.
- Ability to collaborate with others and work as a team and with stakeholders across the globe.
Preferred qualifications
- Experience in hands-on security research, security architecture and vulnerability findings.
- Experience in vulnerability management & disclosure, security issues triage, fix and coordination across multiple teams and stakeholders, including cross company.
- Previous experience in hackathons coordination and participation, including with external partners.
- Knowledge in security mitigations, as well as automation tools such as fuzzers, static analyzers and other scanners.
#EPIL
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Automation Azure Cloud Security assessment Strategy Vulnerability management
Perks/benefits: Medical leave
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Penetration Tester jobs
- Open Cloud Security Architect jobs
- Open Security Operations Engineer jobs
- Open Principal Security Engineer jobs
- Open Information Security Specialist jobs
- Open Information Security Officer jobs
- Open Senior Cyber Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open Senior Product Security Engineer jobs
- Open Cyber Security Architect jobs
- Open IT Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Cyber Security Specialist jobs
- Open Security Specialist jobs
- Open Senior Network Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Cybersecurity Consultant jobs
- Open Security Consultant jobs
- Open Senior Information Security Analyst jobs
- Open IT Security Analyst jobs
- Open Security Operations Analyst jobs
- Open Manager Pentest H/F jobs
- Open Information Security Architect jobs
- Open Information System Security Officer (ISSO) jobs
- Open Agile-related jobs
- Open Risk assessment-related jobs
- Open SOC-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open GCP-related jobs
- Open IAM-related jobs
- Open Application security-related jobs
- Open Pentesting-related jobs
- Open Threat intelligence-related jobs
- Open DoD-related jobs
- Open Vulnerability management-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open CEH-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open SaaS-related jobs
- Open Malware-related jobs
- Open Kubernetes-related jobs
- Open Java-related jobs
- Open EDR-related jobs
- Open TS/SCI-related jobs