Application Security Technical Program Manager

Microsoft

IT, Operations
Redmond, WA, USA
USD 119,800-234,700 / year
Posted on Dec 20, 2025
Overview

The Trust & Integrity Protection (TrIP) team has an immediate opening for an Application Security Technical Program Manager to help identify, assess, and remediate security risks for applications across our vast tools and technology ecosystem. Our Assurance team executes programs that assess applications and infrastructure for privacy, security, governance, risk, and compliance. Our larger organization provides guidance and oversight across the Microsoft Customer & Partner Solutions (MCAPS) division.

In this role, you will provide your technical experience to a team of security professionals performing application and infrastructure security assessments across the business. You will support and help guide the team as they work with application developers to ensure that their applications meet our requirements for security, privacy, accessibility, and resilience. You will work with the team to define the state of the practice in application development security. You will also define and manage key measures for security across a diverse organization. Key to this role is your technical experience with application security, security risk management, capacity, and operational experience managing multiple heterogeneous projects simultaneously.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.



Responsibilities
  • Vulnerability Identification and Mitigation: Regularly assess security, identify vulnerabilities, and work with development teams to remediate them. This involves activities like code review, dynamic testing, and threat modeling.
  • Threat Modeling: Analyze software systems to identify potential threats and vulnerabilities. Create threat models that outline potential attack vectors and help prioritize security efforts.
  • Secure Code Review: Review code written by developers to identify security flaws, adherence to coding standards, and best practices. Ensure that security is integrated into the development lifecycle.
  • Security Testing: Perform various security tests, including static analysis (SAST), dynamic analysis (DAST), and interactive analysis (IAST), to identify and uncover vulnerabilities in applications.
  • Provide technical guidance for Application onboarding activities and support application developers in navigating the review process.
  • Design and develop roadmaps and priorities for the Assurance program as it applies to tools and services built in MCAPS.
  • Lead and identify cross-organizational teams to create and maintain tool security guidance.
  • Build positive working relationships with stakeholders and leadership, and act as a trusted advisor within MCAPS.
  • Work closely with various engineering organizations and tool owners to support their programmatic initiatives to shift left the Assurance function in the development cycle.
  • Design and implement process improvements to the Application Risk Assessment program.
  • Assist with the tools and technology review and assessment processes to identify data protection and compliance-related gaps.

  • Embody our culture and values.



Qualifications

Required Qualifications

  • Bachelor's Degree AND 4+ years experience in engineering, product/technical program management, data analysis, or product development OR equivalent experience.
  • 2+ years of experience managing cross-functional and/or cross-team projects.

Preferred Qualifications

  • 7+ years of combined technology administration/management, technical risk management, technical risk consulting, and/or software development/engineering work experience.
  • Experience with a broad range of technologies including cloud computing, networking, cloud application design and development tools/processes, and common cloud-based application architectures.
  • Experience with data security concepts, such as Application Security Testing, Vulnerability Assessment, or Information Systems Audit.
  • Bachelor’s degree in Information Technology, Cybersecurity, or Business Management.
  • Certifications: Certified Information Systems Security Professional (CISSP) or Certified Ethical Hacker (CEH), or other discipline-specific certifications.


Technical Program Management IC4 - The typical base pay range for this role across the U.S. is USD $119,800 - $234,700 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $158,400 - $258,000 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:
https://careers.microsoft.com/us/en/us-corporate-pay


This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.




Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.