Senior Security Product Manager

As a core member of the Application Security team, you will advise teams on critical security design elements, proactively identify architectural vulnerabilities and collaborate on solutions and design modifications to improve the overall security posture of MAI offerings. You will partner with product engineering, pen testers and security personnel, acting as a subject matter expert and mentor to others on the security discipline.

Start your journey with Edge, Microsoft Search and Bing, Microsoft News, Microsoft Maps and Microsoft Advertising today!

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Required Qualifications

• Bachelor's Degree AND 5+ years experience in product/service/project/program management or software development
  • OR equivalent experience.
• 5+ years experience in security development and engineering, security consulting, or application penetration testing.
• 5+ years of hands-on and strong experience with the Security Development Lifecycle (SDL.)
• Experience conducting security assessments on Web Applications, Mobile Applications, Cloud Services running on variety of operating systems including containers.

Preferred Qualifications

• Experience with application security standards such as OWASP ASVS/Top 10, CWE 25.
• Experience with common security libraries, security controls, and common security flaws.
• Familiarity with web proxies such as Burp, OWASP ZAP or Fiddler.
• Development or scripting experience. Java, Ruby, Ruby on Rails, GraphQL, REST.

Product Management IC4 - The typical base pay range for this role across the U.S. is USD $117,200 - $229,200 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $153,600 - $250,200 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: 

Microsoft will accept applications and process offers for these roles on an ongoing basis. 

#ApplicationSecurity

• Be the security contact for teams building new innovative services and technologies in the next version of Microsoft AI.
• Specify new security controls needed to reduce risks identified from security reviews and threat modelling exercises or from security incidents and specify these new controls as requirements to be added the organization’s SDL process.
• Proactively research new technologies, make technology recommendations.
• Drive and cultivate a positive culture of security across the engineering teams. Train product engineering to recognize bad patterns and innovate ways for developers to learn to identify security bad practice.
• Work with our security engineering team and product teams to identify, define and implement security controls and automation.
• Leverage a broad and current understanding of security to envision new protections.