Microsoft Corporation Security Software Development Engineer in Redmond, Washington

Are you passionate about web security? Are you gifted at ethical hacking? Are you intuitively able to understand weakness in systems? Are you fascinated and obsessed with staying current on novel security research?

Microsoft Security Response Center Vulnerabilities and Mitigations Team (MSRC V&M) is looking for a talented web vulnerability researcher to join its engineering team. The V&M team consists of highly motivated, world-class security engineers responsible for researching security issues across Microsoft products, including the Microsoft Azure platform. This is a unique opportunity to impact every major web and cloud service that Microsoft has running in terms of security and learn from awesome colleagues.


Responsibilities :

  • MSRC being the face of security at Microsoft receives vulnerability reports from security researchers all over the world. Your responsibility in the team would include:

  • Analyzing critical security vulnerabilities reported to MSRC.

  • Building tools and inventing new approaches to look for vulnerabilities in Microsoft cloud and web services.

  • Pentesting Microsoft web services, web components and cloud infrastructure.

  • Innovating in web security mitigations and hardening to make Microsoft products and services more secure.

  • Gathering knowledge based on incoming bug trends to inform security research for the team, as well as influence the broader Microsoft security strategy


This position is for a passionate web vulnerability researcher with the following:

Required Skills:

  • 3+ years security research experience in Windows and Linux web stacks, with expertise in at least one.

  • Deep understanding of web security vulnerabilities, including exploitation and mitigations.

  • Experience in building tools and automation to discover or validate web security issues.

  • Ability to explain and advise on security design and implementation of complex security problems.

  • Experience in publicly available web security test tools.

Following skills are preferred:

  • Public track record of web vulnerability research and discovery

  • Understanding of security issues that may arise in managed and native server code components and their security implications

  • Ability to understand C and/or C+Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form at .

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.