Senior Security Engineer

Microsoft Microsoft · Big Tech · Cambridge, MA, United Kingdom +1 · Penetration Testing

Senior Security Engineer role focused on identifying and mitigating security vulnerabilities in Microsoft's operating systems, platform technologies, and cloud platforms. The role involves design review, code review, fuzzing, variant analysis, developing mitigations, and collaborating with engineering teams to integrate security into the development lifecycle. It also includes developing and scaling security tooling and staying current on attacker techniques.

What you'd actually do

  1. Drive identification and analysis of security vulnerabilities across operating system and platform components, including design review, code review, fuzzing, and variant analysis
  2. Develop and influence mitigations and protections that reduce risk across platforms, improving resilience against entire classes of vulnerabilities
  3. Collaborate with engineering teams to integrate security into the development lifecycle, influencing design decisions and improving secure engineering practices
  4. Contribute to the development and scaling of security tooling, detection capabilities, or analysis techniques that enable broader coverage and earlier detection of vulnerabilities
  5. Partner across organisations to translate security findings into systemic improvements and measurable security outcomes

Skills

Required

  • Significant experience in security-related elements of software engineering or in another security-related field
  • Hands on experience with systems level programming languages such as C, C++, or Rust

Nice to have

  • Public or internal track record of relevant security research
  • Understanding of operating system security fundamentals, including kernel or low level platform components
  • Experience performing vulnerability research, including code review, fuzzing, reverse engineering, or exploit development
  • Experience developing or applying mitigations, such as memory safety protections, sandboxing, or platform hardening techniques

What the JD emphasized

  • security screening requirements
  • security screenings