Assessment Consulting and Engineering (ACE) team is a part of Microsoft Information Security division and has been chartered by Microsoft’s CIO to provide security and performance services to Microsoft IT and to Microsoft’s customers and partners. Our services ensure that developers build the appropriate security controls into their application development processes and teach them skills and techniques needed to produce secure and reliable code which are based on Microsoft internal processes, standards and best practices. We also assist IT Professionals to help review, design, assess, and deliver security related services.
ACE is a worldwide team with resources in the US, Canada, Australia, Israel, India and is seeking a Senior engineer with strong security consulting experience. We’re looking for a passionate and talented candidate to deliver world class security services to Microsoft IT and to several of Microsoft’s esteemed enterprise level customers.
Your responsibilities will include conducting security design and code reviews and security analysis using special security tools developed internally at Microsoft. In addition, you may be tasked to help customers in the design and deployment of security technologies such as PKI and Identity Management and raising security awareness through proactive security workshops. You may also be required to develop security policies and provide design/architecture guidance to internal Microsoft IT (Line of Business) Application Teams, Microsoft Consulting Services (MCS) teams as well as the customer’s security teams.
Candidates must have a minimum of 3 - 5 years of experience in Information Security for the Microsoft platform with a strong knowledge of Secure Development Processes (SDL, SDL-LOB), Active Directory, Windows OS, network authentication, encryption, wireless security, intrusion detection methods, securing remote access, ISA Server, and OS hardening techniques using Microsoft recommendations. Knowledge of security in Sharepoint 2007+, OCS and Forefront is considered a plus. Besides these additional knowledge with Microsoft’s development frameworks both past and present which include COM, COM+, DCOM, and .NET would also be beneficial.
Candidates should have a minimum of 4 years of experience performing security assessments of software application, computers, and /or networks. In depth understanding of well-known attack types such as cross-site script, SQL injection, buffer overflows (both stack and heap based), format string bugs, etc is also required. Additionally, comprehensive knowledge of secure protocols, authentication/authorization controls and cryptographic concepts is required.
Candidates must also have at least 3 years of development experience on the Microsoft .Net Framework (or an equivalent development framework/platform). This is essential not only in order to be able to review source code for security issues but it is also required to develop security tools that can automate hacking, vulnerability detection, prevention and response.
A Bachelors/Masters in Computer Science or related field is preferred and certifications such as CISSP, MCSE are considered a plus.
This position may require occasional travel; although a majority of your work will be based locally in India at Hyderabad, candidates must be willing and able to travel when required by the needs of our customers and our business.
No comments:
Post a Comment